Building a Web Firewall with ASP + SQL Server

xiaoxiao2021-03-06  101

The main purpose of setting up a firewall for web pages is to provide different services to different visitors according to the web content. Using JavaScript or VBScript, we can easily do this. But the source code of the web page can be seen in the client's browser, so the visitor can view the user authentication method used; this is only a superficial firewall. ASP is the intermediate layer of the client/server structure on the web. Although it also uses scripting languages (JavaScript, VBScript, etc.), the program code runs on the server, and the client receives only the dynamic HTML output by the ASP page. However, ASP still has some vulnerabilities through which the source code of an ASP program can be seen. In that case, by combining ASP with SQL Server, we can design simple, efficient, and reliable applications. The following is a brief introduction to the process.

First, establish login

Create the visitors' logins and passwords on SQL Server.

Second, create a database DSN on the web server

Use the ODBC Data Source Manager in Control Panel to create an ODBC data source name (DSN) for a database. An application can then connect to the specific database by using the database DSN.

The "ODBC Data Source Manager" provides three kinds of DSN: user DSN, system DSN, and file DSN. A user DSN saves its configuration information in the Windows registry, but only the logged-in user who created the DSN is allowed to use it. A system DSN also saves its configuration information in the system registry, but unlike a user DSN, a system DSN can be used by all users who log in to the server.

Unlike the two kinds above, a file DSN saves its configuration information in a specific file on the hard disk. A file DSN can be used by all users who log in to the server, and it can provide access to the database even when no user is logged in. In addition, because a file DSN is saved in a file on disk, it can easily be copied to other machines. In this way, users can use a DSN created on another machine without any changes to the system registry.

Of the three kinds of DSN, it is recommended that the user choose a system DSN or a file DSN. If the user prefers the portability of a file DSN, a high level of security can be obtained by setting the file's access permissions under the NT system.

To create a new DSN, the user first chooses "Add", then selects the type of database to connect to by choosing "SQL Server" from the list in the pop-up window. To create a file DSN, click the "Next" button and enter the file name and save path of the file DSN in the subsequent dialog. To create a system DSN, click the "Complete" button.

After selecting the database, the user needs to configure the database DSN: select the specific server that provides the database service, set the login user name and password, and choose the database to connect to.

Third, program design

The following is a simple page firewall. This page grants direct access only to users on the internal network (here, the IP address of the internal network is between 10.61.96. and 10.65.97.); an external user must enter a user name and password to gain access. The page uses the ServerVariables property of the Request object to get the value of the environment variable.

The source code of the file (firewall.asp) is as follows:

<html>
<head>
<title>firewall.asp</title>
</head>
<body bgcolor="#800080">
<%
' Get the client IP address with Request.ServerVariables("REMOTE_ADDR") and save it in remoteip
remoteip = Request.ServerVariables("REMOTE_ADDR")
stip = CStr(remoteip)
' Take the value of the third segment of the IP address and save it in stip
For i = 1 To 2
    stip = Right(stip, Len(stip) - InStr(1, stip, "."))
Next
stip = Left(stip, InStr(1, stip, ".") - 1)
' IP address check and password verification: a visitor whose IP address is in the
' internal range passes; otherwise the user name and password are verified
If (Left(remoteip, 5) <> "10.61" Or stip < "96" Or stip > "97") Then
    username = Request.Form("t1")
    password = Request.Form("t2")
    ' dsn.txt holds the first part of the connection string; Server.MapPath
    ' resolves it relative to this page
    Set fs = Server.CreateObject("Scripting.FileSystemObject")
    Set thisfile = fs.OpenTextFile(Server.MapPath("dsn.txt"))
    db_loc = thisfile.ReadLine
    thisfile.Close
    ' The form values go into the connection string exactly as entered;
    ' validate them before using this outside a test setup
    cnstr = db_loc & "uid=" & username & ";" & "pwd=" & password
    On Error Resume Next
    Set cn = Server.CreateObject("ADODB.Connection")
    cn.Open cnstr
    ' Any error raised by cn.Open means SQL Server refused the login
    If Err.Number <> 0 Then %>
<p><font color="#ff0000">Sorry, user: <%= Server.HTMLEncode(username) %> No access rights, or password is incorrect!
<br></font></p>
<form method="post">
<p align="center">Username: <input type="text" name="t1" size="20"> password: <input type="password" name="t2" size="20"> <input type="submit" value="submit" name="b1"> <input type="reset" value="All overwritten" name="b2">
</p>
</form>
<%  Else %>
Congratulations, you have passed the verification, you can directly use the resources of this site!
<%  End If
    cn.Close
    Set cn = Nothing %>
<% Else %>
Congratulations, you have passed the verification, you can directly use the resources of this site!
<% End If %>
</body>
</html>

With slight modifications to details such as the IP address, the program can run.

Of course, this only implements the firewall function in a single page. If a website has multiple pages, you can set a Session variable to mark the user and check it in the subsequent pages.
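
The per-page Session check mentioned in the last paragraph could look like the following include file. This is an added example, not code from the original article: the file name checkauth.asp, the Session key fw_ok and the helper IsInternalAddress are hypothetical, and it assumes firewall.asp is extended to set Session("fw_ok") = True once a visitor passes.

```asp
<%
' checkauth.asp (hypothetical name). Put this as the first line of every
' protected page:
'   <!--#include file="checkauth.asp"-->
' Assumption: firewall.asp sets Session("fw_ok") = True after a successful login.

' Returns True only for an IPv4 address in 10.61.96.0 - 10.61.97.255, the
' range tested by firewall.asp. Octets are matched as whole fields, so the
' result does not depend on string ordering, and IPv6 input is rejected.
Function IsInternalAddress(addr)
    Dim re, matches
    IsInternalAddress = False
    Set re = New RegExp
    re.Pattern = "^10\.61\.(96|97)\.(\d{1,3})$"
    Set matches = re.Execute(CStr(addr))
    If matches.Count = 1 Then
        If CInt(matches(0).SubMatches(1)) <= 255 Then IsInternalAddress = True
    End If
    Set re = Nothing
End Function

If Not (Session("fw_ok") = True) Then
    If IsInternalAddress(Request.ServerVariables("REMOTE_ADDR")) Then
        ' Internal visitor: mark the session so later pages skip the address test
        Session("fw_ok") = True
    Else
        ' Not marked and not internal: send the visitor to the login page and
        ' stop, so nothing below the include is rendered
        Response.Redirect "firewall.asp"
        Response.End
    End If
End If
%>
```

firewall.asp itself must not include this file, otherwise an external visitor would be redirected back to it in a loop.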