
防火墙支持请求头拦截

懒得勤快 3 years ago
parent
commit
16a9afded7

+ 11 - 0
src/Masuit.MyBlogs.Core/Extensions/Firewall/FirewallAttribute.cs

@@ -33,6 +33,17 @@ public class FirewallAttribute : IAsyncActionFilter
     public Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
     {
         var request = context.HttpContext.Request;
+        if (CommonHelper.SystemSettings.TryGetValue("BlockHeaderValues", out var v) && v.Length > 0)
+        {
+            var strs = v.Split("|", StringSplitOptions.RemoveEmptyEntries);
+            if (request.Headers.Values.Any(values => strs.Any(s => values.Contains(s))))
+            {
+                context.Result = new NotFoundResult();
+                return Task.CompletedTask;
+            }
+        }
+
+        request.Headers.Values.Contains("");
         var ip = context.HttpContext.Connection.RemoteIpAddress.ToString();
         var tokenValid = request.Cookies.ContainsKey("FullAccessToken") && request.Cookies["Email"].MDString(AppConfig.BaiduAK).Equals(request.Cookies["FullAccessToken"]);
 
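Review bot: The added statement `request.Headers.Values.Contains("");` just before the `var ip` line discards its result and has no effect; it looks like leftover scratch code and should be deleted. In the `Any(...)` check above it, `values` is a `StringValues`, so `values.Contains(s)` most likely binds to the LINQ sequence overload and matches only a whole header value with ordinal, case-sensitive equality, which means a configured entry would not match the same value in a different case or embedded in a longer value. If substring or case-insensitive matching is what the setting is meant to provide, `values.Any(x => x != null && x.Contains(s, StringComparison.OrdinalIgnoreCase))` states that explicitly; either way a comment such as `// BlockHeaderValues: '|'-separated entries; the request gets a 404 when any header value matches an entry` would record the rule. The check also runs before `tokenValid` is computed, so an overly broad entry would presumably reject the administrator's own requests too; the rest of OnActionExecutionAsync is outside the hunk, so confirm whether that ordering is intended.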

+ 8 - 0
src/Masuit.MyBlogs.Core/wwwroot/ng-views/views/system/firewall.html

@@ -87,6 +87,14 @@
                         </div>
                     </div>
                 </div>
+                <div class="col-md-12">
+                    <div class="input-group">
+                        <span class="input-group-addon">屏蔽固定的请求头值:</span>
+                        <div class="fg-line">
+                            <input class="form-control" ng-model="Settings.BlockHeaderValues" placeholder="禁止的HeaderValues,竖线分隔" type="text" />
+                        </div>
+                    </div>
+                </div>
                 <div class="col-md-12">
                     <div class="input-group">
                         <span class="input-group-addon">UA标识限制:</span>