网关将请求转发到外部时，需要过滤敏感请求头，若不过滤，请求头泄露了，会造成什么影响吗？

This topic created in 1503 days ago, the information mentioned may be changed or developed.

请求

过滤

网关

泄露

2 replies • 2022-04-19 12:34:25 +08:00

AoEiuV020CN

Apr 19, 2022

是说 Request header ？
一般包含 get 参数，可能还有一些鉴权信息，另外就是有些客户端信息，
什么影响不好说，要不你发几个样例大家看看有哪些有影响的数据，

Sunhcer

Apr 19, 2022

是的，比如以下 RequestHeader 参数：
:authority: xxx.com
:method: GET
:path: /gateway/questions?query=daily_hottest&page=1&size=9
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
content-type: application/json
cookie: _ga=GA1.2.2064040285.xxx; Hm_lvt_e23800c454aa573c0ccb16b52665ac26=xxx,1627203863,1627465270,1627562934; csrfToken=pOrHdM-zEFUfBAYVVxxx; showMotto=true; PHPSESSID=yyy; isCloseBeginnerGuide=1; referer=http://xxx.com/q/1010000041655818/edit; _gid=GA1.2.132730000.1650201310; PHPSESSID=bd36afab69d69df3f7b3f6xxx; _gat_gtag_UA_918487_8=1
referer: https://xxx.com/questions
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
token: bd36afab69d69df3f7b3f65ab46cc348
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36