asp.net防盗链如何做？

xufeiqing 2007-10-26 10:07:26

为了防址用户非法的http请求和下载我web目录下SqlMap文件夹下的XML的配置文件该如何做？

...全文

355 5 打赏收藏转发到动态举报

写回复

用AI写文章

5 条回复

切换为时间正序

请发表友善的回复…

发表回复

maolilove 2011-05-20

打赏
举报

又要写一遍HttpHandler啊！

xufeiqing 2007-10-30

打赏
举报

不行的，我用过，最后在IIS里面设置如下

SaintKaKa 2007-10-26

打赏
举报

http://www.cnblogs.com/xucanzhao/archive/2006/04/18/378612.html

SaintKaKa 2007-10-26

打赏
举报



  /// <summary> 

        /// 输出真实文件 

        /// </summary> 

        /// <param name="response"></param> 

        /// <param name="context"></param> 

        private void Real(HttpResponse response, HttpRequest request)

        {

            FileInfo file = new System.IO.FileInfo(request.PhysicalPath);



            response.Clear();



            response.AddHeader("Content-Disposition", "filename=" + file.Name);



            response.AddHeader("Content-Length", file.Length.ToString());



            string fileExtension = file.Extension.ToLower();



            //这里选择输出的文件格式 

            //可以参考http://ewebapp.cnblogs.com/articles/234756.html增加对更多文件格式的支持. 



            switch (fileExtension)

            {



            case "mp3":

                response.ContentType = "audio/mpeg3";

                break;



            case "mpeg":



                response.ContentType = "video/mpeg";

                break;



            case "jpg":



                response.ContentType = "image/jpeg";

                break;



            case "bmp":



                response.ContentType = "image/bmp";

                break;



            case "gif":



                response.ContentType = "image/gif";

                break;



            case "doc":



                response.ContentType = "application/msword";



                break;

            case "css":



                response.ContentType = "text/css";

                break;



            default:



                response.ContentType = "application/octet-stream";

                break;



            }



            response.WriteFile(file.FullName);



            response.End();

        }



        /// <summary> 

        /// 确认字符串是否为空 

        /// </summary> 

        /// <param name="_value"></param> 

        /// <returns></returns> 

        private bool Empty(string _value)

        {

            if (_value == null | _value == string.Empty | _value == "")

            {

                return true;

            }

            else

            {

                return false;

            }

        }



        /// <summary> 

        /// 检查是否是非法链接 

        /// </summary> 

        /// <param name="context"></param> 

        /// <param name="_myDomain"></param> 

        /// <returns></returns> 

        private bool errorLink(HttpContext context, out string _myDomain)

        {

            HttpResponse response = context.Response;

            string myDomain = context.Request.ServerVariables["SERVER_NAME"];

            _myDomain = myDomain;

            string myDomainIp = context.Request.UserHostAddress;



            eWebapp_NoLink = ConfigurationSettings.AppSettings["eWebapp_NoLink"];

            eWebapp_AllowLink = ConfigurationSettings.AppSettings["eWebapp_AllowLink"];



            try

            {

                eWebapp_AllowOnlyFile = Convert.ToBoolean(ConfigurationSettings.AppSettings["eWebapp_AllowOnlyFile"]);

            }

            catch

            {

                eWebapp_AllowOnlyFile = true;

            }



            if (context.Request.UrlReferrer != null)

            {



                //判定referDomain是否存在网站的IP或域名 

                string referDomain = context.Request.UrlReferrer.AbsoluteUri.Replace(context.Request.UrlReferrer.AbsolutePath, "");

                string myPath = context.Request.RawUrl;



                if (referDomain.IndexOf(myDomainIp) >= 0 | referDomain.IndexOf(myDomain) >= 0)

                {

                    return false;

                }

                else

                {

                    //这里使用正则表达对规则进行匹配 

                    try

                    {

                        Regex myRegex;



                        //检查允许匹配 

                        if (!Empty(eWebapp_AllowLink))

                        {



                            myRegex = new Regex(eWebapp_AllowLink);



                            if (myRegex.IsMatch(myPath))

                            {

                                return false;

                            }



                        }



                        //检查禁止匹配 

                        if (!Empty(eWebapp_NoLink))

                        {



                            myRegex = new Regex(eWebapp_NoLink);

                            if (myRegex.IsMatch(myPath))

                            {

                                return true;

                            }

                            else

                            {

                                return false;

                            }



                        }



                        return true;



                    }

                    catch

                    {

                        //如果匹配出错，链接错误 

                        return true;

                    }

                }

            }

            else

            {

                //是否允许直接访问文件 

                if (eWebapp_AllowOnlyFile)

                {

                    return false;

                }

                else

                {

                    return true;

                }

            }



        }



    }



}

SaintKaKa 2007-10-26

打赏
举报

网上找的：



/* 

* 

* 防盗链IHttpHandler 

* 

* 

* 增加了对文件关键字的选择(即仅对文件名存在某些关键字或不存在某些关键字进行过滤) 

* 设置web.config中<appSettings>节以下值 

* string eWebapp_NoLink 如果文件名符合该正确表态式将进行过滤(不设置对所有进行过滤) 

* string eWebapp_AllowLink 如果文件名符合该正确表态式将不进行过滤(优先权高于AllowLink,不设置则服从AllowLink) 

* bool eWebapp_ AllowOnlyFile 如果为False,(默认true)则不允许用户直接对该文件进行访问建议为true 

* 

* 

* :)以下设置均可省略,设置只是为了增加灵活性与体验 

* eWebapp_NoLink_Message 错误信息提示:默认为Link From:域名 

* eWebapp_Error_Width 错误信息提示图片宽 

* eWebapp_Error_Height 错误信息提示图片高 

* 

* 

* 

* 垃圾猪 2005-9-11 创建 

* http://ewebapp.net 

*/



using System;

using System.Web;

using System.Drawing;

using System.Drawing.Imaging;

using System.IO;

using System.Configuration;

using System.Text.RegularExpressions;



namespace eWebapp

{

    /// <summary> 

    /// 防盗链IHttpHandler 

    /// 参考http://www.softat.org/archiver/tid-52114.html 

    /// 垃圾猪 2005-9-12 修正 

    /// </summary> 

    public class NoLink : IHttpHandler

    {

        private string eWebapp_NoLink = string.Empty;

        private string eWebapp_AllowLink = string.Empty;

        private bool eWebapp_AllowOnlyFile = true;



        private string eWebapp_NoLink_Message = string.Empty;

        private bool error = false;



        public NoLink()

        {

            // 

            // TODO: 在此处添加构造函数逻辑 

            // 

        }



        public void ProcessRequest(HttpContext context)

        {

            eWebapp_NoLink_Message = ConfigurationSettings.AppSettings["eWebapp_NoLink_Message"];



            string myDomain = string.Empty;



            error = errorLink(context, out myDomain);



            if (Empty(eWebapp_NoLink_Message))

            {

                eWebapp_NoLink_Message = "Link from :" + myDomain;

            }



            if (error)

            {

                //Jpg(context.Response,eWebapp_NoLink_Message); 

                Jpg(context.Response, eWebapp_NoLink_Message);

            }

            else

            {

                Real(context.Response, context.Request);

            }



        }



        public bool IsReusable

        {

            get

            {

                return true;

            }

        }



        /// <summary> 

        /// 输出错误信息 

        /// </summary> 

        /// <param name="Response"></param> 

        /// <param name="_word"></param> 

        private void Jpg(HttpResponse Response, string _word)

        {



            int myErrorWidth = _word.Length * 15;

            int myErrorHeight = 16;

            try

            {

                int _myErrorWidth = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Width"]);

                if (_myErrorWidth > 0)

                {

                    myErrorWidth = _myErrorWidth;

                }



            }

            catch

            {



            }

            try

            {

                int _myErrorHeight = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Height"]);

                if (_myErrorHeight > 0)

                {

                    myErrorHeight = _myErrorHeight;

                }

            }

            catch

            {



            }

            Bitmap Img = null;

            Graphics g = null;

            MemoryStream ms = null;

            Img = new Bitmap(myErrorWidth, myErrorHeight);

            g = Graphics.FromImage(Img);

            g.Clear(Color.White);

            Font f = new Font("Arial", 9);

            SolidBrush s = new SolidBrush(Color.Red);

            g.DrawString(_word, f, s, 3, 3);

            ms = new MemoryStream();

            Img.Save(ms, ImageFormat.Jpeg);

            Response.ClearContent();

            Response.ContentType = "image/Gif";

            Response.BinaryWrite(ms.ToArray());

            g.Dispose();

            Img.Dispose();

            Response.End();

        }