private fun buildBootstrapClient(builder: Builder): Dns {
      val hosts = builder.bootstrapDnsHosts

      return if (hosts != null) {
        BootstrapDns(builder.url!!.host, hosts)
      } else {
        builder.systemDns
      }
    }

    internal fun isPrivateHost(host: String): Boolean {
      return PublicSuffixDatabase.get().getEffectiveTldPlusOne(host) == null
    }
  }

### ufw

For hosts with ufw enabled (Debian based distros), you can use `ufw` command to allow traffic to specific ports. Use below command to allow access to port 9000

```sh
ufw allow 9000
```

Below command enables all incoming traffic to ports ranging from 9000 to 9010.

```sh
ufw allow 9000:9010/tcp
```

### firewall-cmd

{!../../../docs_src/advanced_middleware/tutorial001.py!}
```

## `TrustedHostMiddleware`

强制所有传入请求都必须正确设置 `Host` 请求头，以防 HTTP 主机头攻击。

```Python hl_lines="2  6-8"
{!../../../docs_src/advanced_middleware/tutorial002.py!}
```

支持以下参数：

* `allowed_hosts` - 允许的域名（主机名）列表。`*.example.com` 等通配符域名可以匹配子域名，或使用 `allowed_hosts=["*"]` 允许任意主机名，或省略中间件。

如果传入的请求没有通过验证，则发送 `400` 响应。

## `GZipMiddleware`

    chain: Array<out X509Certificate>,
    authType: String,
    host: String,
  ): List<Certificate> {
    if (host in insecureHosts) return listOf()
    try {
      val method =
        checkServerTrustedMethod
          ?: throw CertificateException("Failed to call checkServerTrusted")
      return method.invoke(delegate, chain, authType, host) as List<Certificate>
    } catch (e: InvocationTargetException) {

        this.trustedCertificates += certificate
      }

    /**
     * Add all of the host platform's trusted root certificates. This set varies by platform
     * (Android vs. Java), by platform release (Android 4.4 vs. Android 9), and with user
     * customizations.
     *
     * Most TLS clients that connect to hosts on the public Internet should call this method.

```

## `TrustedHostMiddleware`

Erzwingt, dass alle eingehenden Requests einen korrekt gesetzten `Host`-Header haben, um sich vor HTTP-Host-Header-Angriffen zu schützen.

```Python hl_lines="2  6-8"
{!../../../docs_src/advanced_middleware/tutorial002.py!}
```

Die folgenden Argumente werden unterstützt:

arguments for the hostnames and the drives via an ellipses syntax such as `minio server http://host{1...4}/disk{1...4}` this requirement added an additional burden to have sequential hostnames for us to make sure that we can provide horizontal distribution, however we have come across situations where sometimes this is not feasible and there are no easier alternatives without modifying /etc/hosts on the host system as root user.  Many times in airgapped deployments this is not allowed or requires audits...

# Gradle runtimes

Gradle is made up of the following processes that work together to "run the build":

- Gradle daemon. This is the process that actually runs the build. It hosts build logic and coordinates the lifecycle of the build. It is a long-running daemon process.
- CLI client. This is the `gradle` or `gradlew` command, and is responsible for locating, starting and interacting with the Gradle daemon, potentially downloading the Gradle distribution. 

  // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*").
  // Requests will be matched against the Host field in the following way:
  // 1. If host is precise, the request matches this rule if the http host header is equal to Host.
  // 2. If host is a wildcard, then the request matches this rule if the http host header
  // is to equal to the suffix (removing the first label) of the wildcard rule.

import javax.net.ssl.X509ExtendedTrustManager
import okhttp3.internal.peerName
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement

/**
 * This extends [X509ExtendedTrustManager] to disable verification for a set of hosts.
 *
 * Note that the superclass [X509ExtendedTrustManager] isn't available on Android until version 7
 * (API level 24).
 */
@IgnoreJRERequirement
internal class InsecureExtendedTrustManager(