Bir API sunuyor:

```
http://localhost:8000/v1/agents/multivac
```

Ayrıca bir frontend var:

```
http://localhost:8000
```

/// tip | İpucu

İkisinin de host’u aynıdır.

///

Frontend’i kullanarak AI agent’a sizin adınıza işler yaptırabiliyorsunuz.

}

fun Requirements.requiresNotEc2Agent() {
    doesNotContain("teamcity.agent.name", "ec2")
    // US region agents have name "EC2-XXX"
    doesNotContain("teamcity.agent.name", "EC2")
}

/**
 * We have some "shared" host where a Linux build agent and a Windows build agent
 * both run on the same bare metal. Some builds require exclusive access to the

## Exemple d’attaque { #example-attack }

Imaginez que vous mettiez au point un moyen d’exécuter un agent IA local.

Il expose une API à l’adresse

```
http://localhost:8000/v1/agents/multivac
```

Il y a aussi un frontend à l’adresse

```
http://localhost:8000
```

/// tip | Astuce

Notez qu’ils ont le même hôte.

///

- 且沒有送出任何身分驗證憑證

這種攻擊主要與以下情境相關：

- 應用在本機（例如 `localhost`）或內部網路中執行
- 並且應用沒有任何身分驗證，假設同一個網路中的任何請求都可被信任

## 攻擊範例 { #example-attack }

假設你打造了一個在本機執行 AI 代理（AI agent）的方法。

它提供一個 API：

```
http://localhost:8000/v1/agents/multivac
```

同時也有一個前端：

```
http://localhost:8000
```

/// tip | 提示

請注意兩者的主機（host）相同。

///

接著你可以透過前端讓 AI 代理代你執行動作。

//   - Capacity Reporting
//   - Backup data locality for upload sessions (Veeam Smart Entity)
//   - Handover of IAM & STS Endpoints instead of manual definition in Veeam Backup & Replication. This allows Veeam
//     Agents to directly backup to object storage.
//
// An object storage system can implement one, multiple, or all functions.
//
//   - Optional (mandatory if <IAMSTS> is true): Set Endpoints for IAM and STS processing.
//

    // ============================================================
    // User Agent Configuration
    // ============================================================

    /** Prefix for Fess crawler user agent string. */
    public static final String CRAWLING_USER_AGENT_PREFIX = "Mozilla/5.0 (compatible; Fess/";

    /** Suffix for Fess crawler user agent string with bot information URL. */

  @Test fun ofMapAcceptsEmptyValue() {
    val headers = mapOf("User-Agent" to "").toHeaders()
    assertThat(headers.value(0)).isEqualTo("")
  }

  @Test fun ofMapTrimsKey() {
    val headers = mapOf(" User-Agent " to "OkHttp").toHeaders()
    assertThat(headers.name(0)).isEqualTo("User-Agent")
  }

  @Test fun ofMapTrimsValue() {
    val headers = mapOf("User-Agent" to " OkHttp ").toHeaders()

     * Set to -1 to disable automatic purging of user information.
     */
    @Min(-1)
    @Max(100000)
    @ValidateTypeFailure
    public Integer purgeUserInfoDay;

    /**
     * Bot user agents whose search logs should be purged.
     * Search logs from these bots will be automatically removed.
     */
    @Size(max = 10000)
    public String purgeByBots;

    /**

    @Test
    public void test_getUserAgentType_IE9() {
        getMockRequest().addHeader("user-agent", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)");
        assertEquals(UserAgentType.IE, userAgentHelper.getUserAgentType());
    }

    @Test
    public void test_getUserAgentType_IE10() {
        getMockRequest().addHeader("user-agent", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)");

 *  Fix: Include a backwards-compatible `OkHttp-Response-Source` header with
    `OkUrlFactory `responses.
 *  Fix: Don't include a default User-Agent header in requests made with the Call
    API. Requests made with OkUrlFactory will continue to have a default user
    agent.
 *  New: Guava-like API to create headers:

    ```java
    Headers headers = Headers.of(name1, value1, name2, value2, ...).
    ```