Xiaopeng Han <******@****.***> 1686841337 +0800

Xiaopeng Han <******@****.***> 1686841337 +0800

HTTPS
=====

OkHttp attempts to balance two competing concerns:

 * **Connectivity** to as many hosts as possible. That includes advanced hosts that run the latest versions of [boringssl](https://boringssl.googlesource.com/boringssl/) and less out of date hosts running older versions of [OpenSSL](https://www.openssl.org/).

    private fun buildBootstrapClient(builder: Builder): Dns {
      val hosts = builder.bootstrapDnsHosts

      return if (hosts != null) {
        BootstrapDns(builder.url!!.host, hosts)
      } else {
        builder.systemDns
      }
    }

    internal fun isPrivateHost(host: String): Boolean {
      return PublicSuffixDatabase.get().getEffectiveTldPlusOne(host) == null
    }
  }

```
minio server http://host{1...2}/export{1...8}
```

Expected expansion

```
> http://host1/export1
> http://host2/export1
> http://host1/export2
> http://host2/export2
> http://host1/export3
> http://host2/export3
> http://host1/export4
> http://host2/export4
> http://host1/export5
> http://host2/export5
> http://host1/export6
> http://host2/export6
> http://host1/export7

### ufw

For hosts with ufw enabled (Debian based distros), you can use `ufw` command to allow traffic to specific ports. Use below command to allow access to port 9000

```sh
ufw allow 9000
```

Below command enables all incoming traffic to ports ranging from 9000 to 9010.

```sh
ufw allow 9000:9010/tcp
```

### firewall-cmd

{!../../../docs_src/advanced_middleware/tutorial001.py!}
```

## `TrustedHostMiddleware`

强制所有传入请求都必须正确设置 `Host` 请求头，以防 HTTP 主机头攻击。

```Python hl_lines="2  6-8"
{!../../../docs_src/advanced_middleware/tutorial002.py!}
```

支持以下参数：

* `allowed_hosts` - 允许的域名（主机名）列表。`*.example.com` 等通配符域名可以匹配子域名，或使用 `allowed_hosts=["*"]` 允许任意主机名，或省略中间件。

如果传入的请求没有通过验证，则发送 `400` 响应。

## `GZipMiddleware`

```

## `TrustedHostMiddleware`

Enforces that all incoming requests have a correctly set `Host` header, in order to guard against HTTP Host Header attacks.

```Python hl_lines="2  6-8"
{!../../../docs_src/advanced_middleware/tutorial002.py!}
```

The following arguments are supported:

        this.trustedCertificates += certificate
      }

    /**
     * Add all of the host platform's trusted root certificates. This set varies by platform
     * (Android vs. Java), by platform release (Android 4.4 vs. Android 9), and with user
     * customizations.
     *
     * Most TLS clients that connect to hosts on the public Internet should call this method.

    chain: Array<out X509Certificate>,
    authType: String,
    host: String,
  ): List<Certificate> {
    if (host in insecureHosts) return listOf()
    try {
      val method =
        checkServerTrustedMethod
          ?: throw CertificateException("Failed to call checkServerTrusted")
      return method.invoke(delegate, chain, authType, host) as List<Certificate>
    } catch (e: InvocationTargetException) {