How to block requests to a domain on my website

Time: 2019-02-21 05:31:39

Tags: javascript php .htaccess

I have a problem with my website: a script and an iframe are loaded into my website from another source, and the resources take 17s to load.

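How can I block the request domain, or block URLs such as the script and iframe, like blocked:devtools in Chrome? Or is there another way to block the requests? The requests come from: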
  

http://p01.notifa.info/3fsmd3/request?id=1&enc=9UwkxLgY9&params=4TtHaUQnUEiP6K%2fc5C582JKzDzTsXZH28lzpTd4lMOgVPmVP%2bxdGlUBoJkaQetwsDkZ1aSjgsc8C%2fu5F%2fweJtH5wqDRRzt%2f%2fbwErUKUxGlRSVxSVuGTdpL8UAkgIgw4ZgZoOIupjTSKLajX1MoRjudBzoxroHQ4SEO6n2%2bYyVPPhsCheWHKiSzaJfjxHmTJc8kH4nbMg55Dg8p6PclCGMyaFoC1Njzj7IJ2jYgXBDNUOOywppzn%2bX03DQL4JalUPfVJn9vvQYrwpz30U4s9HyQ6zy7r9esiN8R5D9CHdj%2fVMWThzxEeWO7R0fl1Uf8P%2fP3ufi1%2f8Bp1CZQFQgoFJN1ha2mrP8xmYK8IH1mGuhbbJiQTZFn7CqtxiBrJZV2d54QW8DqEyhkwp51kdgf0FKn2DHciVtW91IpXkTtbzlPkue%2f26HwADq0dTNUZYIofk6uCeVRkGwDHOMq2Ns6pyvS%2bFUAYKoPI%2frqpDEa2THtliuRq1QuCta3ZBsskcRen8Y%2blYC1cnmjTbCcDD9k54L6pNO9%2bY4N4c4alsioW56x4rN0d5ZaMCk5oN7CGQ3PcD1z6gl6uR0Bk%3d&idc_r=68588259417&domain=dev.mywebsite.com&sw=1440&sh=900

  

http://x-tags.net/data/dmp/tag?p=1&tcid=28ac36f63de0197a3a5703065c7e491a0c313870

in the <head> tag:

<script type="text/javascript" async="" src="http://p01.notifa.info/3fsmd3/request?id=1&amp;enc=9UwkxLgY9&amp;params=4TtHaUQnUEiP6K%2fc5C582JKzDzTsXZH28lzpTd4lMOgVPmVP%2bxdGlUBoJkaQetwsDkZ1aSjgsc8C%2fu5F%2fweJtH5wqDRRzt%2f%2fbwErUKUxGlRSVxSVuGTdpL8UAkgIgw4ZgZoOIupjTSKLajX1MoRjudBzoxroHQ4SEO6n2%2bYyVPPhsCheWHKiSzaJfjxHmTJc8kH4nbMg55Dg8p6PclCGMyaFoC1Njzj7IJ2jYgXBDNUOOywppzn%2bX03DQL4JalUPfVJn9vvQYrwpz30U4s9HyQ6zy7r9esiN8R5D9CHdj%2fVMWThzxEeWO7R0fl1Uf8P%2fP3ufi1%2f8Bp1CZQFQgoFJN1ha2mrP8xmYK8IH1mGuhbbJiQTZFn7CqtxiBrJZV2d54QW8DqEyhkwp51kdgf0FKn2DHciVtW91IpXkTtbzlPkue%2f26HwADq0dTNUZYIofk6uCeVRkGwDHOMq2Ns6pyvS%2bFUAYKoPI%2frqpDEa2THtliuRq1QuCta3ZBsskcRen8Y%2blYC1cnmjTbCcDD9k54L6pNO9%2bY4N4c4alsioW56x4rN0d5ZaMCk5oN7CGQ3PcD1z6gl6uR0Bk%3d&amp;idc_r=68588259417&amp;domain=dev.mywebsite.com&amp;sw=1440&amp;sh=900"></script>

and, after the tag, an iframe is loaded:
<iframe id="ifrm" scrolling="no" src="http://p01.notifa.info/campaign/log.php" style="height: 0px; width: 0px; overflow: hidden; border: 0px; padding: 0px;"></iframe>

Can anyone help me solve this problem? Thank you very much!

1 answer:

Answer 0 (score: 0)

Set the Content-Security-Policy in the header.

header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';");

This policy allows images, scripts, AJAX, and CSS from the same origin, and does not allow any other resources to load (e.g. object, frame, media, etc.).

https://content-security-policy.com/
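
To see how the policy in the answer treats the two loads from the question, this added example (not part of the original question or answer) evaluates them with a simplified model of CSP source matching. The page URL `http://dev.mywebsite.com/`, the same-origin script path and all function names are assumptions made for the illustration.

```javascript
// Simplified model of CSP source-list matching (added example, not a full implementation).
// Supports 'none', 'self', '*', scheme-sources and host-sources; ignores ports, paths,
// nonces and hashes, and lets a scheme-less host-source match any scheme.
const FALLBACK = { // fetch-directive fallback chains (subset)
  script: ["script-src", "default-src"],
  frame: ["frame-src", "child-src", "default-src"],
  img: ["img-src", "default-src"],
};

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(source, url, page) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === page.origin;
  if (s === "*") return url.protocol === "http:" || url.protocol === "https:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false; // expression not covered by this model
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ":") return false;
  return wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
}

// Decide whether `resourceUrl` may load as `kind` on the page at `pageUrl`.
function checkLoad(policy, kind, resourceUrl, pageUrl) {
  const directives = parsePolicy(policy);
  const name = FALLBACK[kind].find((d) => directives.has(d));
  if (!name) return { allowed: true, directive: null }; // no directive governs this kind
  const url = new URL(resourceUrl), page = new URL(pageUrl);
  return { allowed: directives.get(name).some((src) => sourceMatches(src, url, page)), directive: name };
}

const POLICY = "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';";
const PAGE = "http://dev.mywebsite.com/"; // assumed page URL (host from the question's domain= parameter)
for (const [kind, url] of [
  ["script", "http://p01.notifa.info/3fsmd3/request?id=1"], // query string shortened
  ["frame", "http://p01.notifa.info/campaign/log.php"],
  ["script", "http://dev.mywebsite.com/js/app.js"],         // constructed same-origin script
]) console.log(kind, url, checkLoad(POLICY, kind, url, PAGE));
```

Under this policy the third-party script is refused by `script-src` and the iframe by `default-src`, because the policy sets neither `frame-src` nor `child-src`.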