欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

ASP防盗链及防下载的方法

程序员文章站 2022-05-15 15:13:44
如果我们知道一个静态文件的实际路径如:https://www.xx.com/download/51windows.pdf,如果服务器没有作特别的限制设置,我们就可以毫不费力的把它下载下来!当网站提供...

如果我们知道一个静态文件的实际路径如:https://www.xx.com/download/51windows.pdf,如果服务器没有作特别的限制设置,我们就可以毫不费力的把它下载下来!当网站提供51windows.pdf下载时,怎么样才能让下载者无法得到他的实际路径呢!本文就来介绍如何使用asp来隐藏文件的实际下载路径。

  我们在管理网站文件时,可以把扩展名一样的文件放在同一个目录下,起一个比较特别名字,例如放pdf文件目录为the_pdf_file_s,把下面代码另存为down.,他的网上路径为https://www.xx.com/down.asp,我们就可以用https://www.xx.com/down.asp?filename=51windows.pdf来下载这个文件了,而且下载者无法看到这个文件实际下载路径的!在down.asp中我们还可以设置下载文件是否需要登陆,判断下载的来源页是否为外部网站,从而可以做到防止文件被盗链。

示例代码:
<%
from_url = cstr(request.servervariables("http_referer"))
serv_url = cstr(request.servervariables("server_name"))
if mid(from_url,8,len(serv_url)) <> serv_url then
response.write "非法链接!" 防止盗链
response.end
end if

if request.cookies("logined")="" then
response.redirect "/login.asp" 需要登陆!
end if
function getfilename(longname)/folder1/folder2/file.asp=>file.asp
while instr(longname,"/")
longname = right(longname,len(longname)-1)
wend
getfilename = longname
end function
dim stream
dim contents
dim filename
dim truefilename
dim fileext
const adtypebinary = 1
filename = request.querystring("filename")
if filename = "" then
  response.write "无效文件名!"
  response.end
end if
fileext = mid(filename, instrrev(filename, ".") + 1)
select case ucase(fileext)
  case "asp", "asa", "aspx", "asax", "mdb"
    response.write "非法操作!"
    response.end
end select
response.clear
if lcase(right(filename,3))="gif" or lcase(right(filename,3))="jpg" or lcase(right(filename,3))="png" then
response.contenttype = "image/*" 对图像文件不出现下载对话框
else
response.contenttype = "application/ms-download"
end if
response.addheader "content-disposition", "attachment; filename=" & getfilename(request.querystring("filename"))
set stream = server.createobject("adodb.stream")
stream.type = adtypebinary
stream.open
if lcase(right(filename,3))="pdf" then 设置pdf类型文件目录
truefilename = "/the_pdf_file_s/"&filename
end if
if lcase(right(filename,3))="doc" then 设置doc类型文件目录
truefilename = "/my_d_o_c_file/"&filename
end if
if lcase(right(filename,3))="gif" or lcase(right(filename,3))="jpg" or lcase(right(filename,3))="png" then
truefilename = "/all_images_/"&filename 设置图像文件目录
end if
stream.loadfromfile server.mappath(truefilename)
while not stream.eos
  response.binarywrite stream.read(1024 * 64)
wend
stream.close
set stream = nothing
response.flush
response.end
%>