Anti-theft chain method (transfer)

zhaozj2021-02-16  80

If we know the actual path of a static file such as: http://www.xx.com/download/51windows.pdf, if the server does not make special restriction settings, we can download it without effort! How can the downloader can't get his actual path when the website provides 51windows.pdf download! This article describes how to use ASP to hide the actual download path of the file.

When we manage the website file, we can put the extension the same file in the same directory, and set a more special name, such as the PDF file directory to the_pdf_file_s, saving the following code as Down.asp, his online path is http : //www.xx.com/down.asp, we can use http://www.xx.com/down.asp?filename =51windows.pdf to download this file, and the downloader can't see this file Actual download path! In Down.asp, we can also set whether the download file needs to be logged in, it is determined whether the downloaded source page is an external website, so that the file can be prevented from being stolen.

Sample code:

<% From_url = Cstr (Request.ServerVariables ( "HTTP_REFERER")) Serv_url = Cstr (Request.ServerVariables ( "SERVER_NAME")) if mid (From_url, 8, len (Serv_url)) <> Serv_url then response.write "illegal links ! "'Prevention of stense.endend IF

If Request.cookies ("logined") = "" "" "" The response.Redirect "/login.asp" needs to be logged in! end ifFunction GetFileName (longname) '/ folder1 / folder2 / file.asp => file.asp while instr (longname, "/") longname = right (longname, len (longname) -1) wend GetFileName = longnameEnd FunctionDim StreamDim ContentsDim FileNameDim TrueFileNameDim FileExtConst adTypeBinary = 1FileName = Request.QueryString ( "fileName") if fileName = "" Then Response.Write "invalid file name!" Response.EndEnd ifFileExt = Mid (fileName, InStrRev (fileName, ".") 1) Select Case Ucase (FileExt) Case "ASP", "ASA", "ASPX", "ASAX", "MDB" illegal operation! "Response.ndend selectResponse.clearif Lcase (Right (filename, 3)) =" GIF "OR LCASE (Right (FileName, 3)) =" JPG "or LCase (Right (filename, 3)) =" PNG "the response.contentType =" image / * "" Download dialog box ELSE Response.ContentType = "application / ms-download" end ifResponse.AddHeader "content-disposition", "attachment; filename =" & GetFileName (Request.QueryString ( "fileName")) Set Stream = server.CreateObject ( "ADODB.Stream ") Stream.type = adtypebinaryStream.openif Lcase (Right (Fi Lename, 3)) = "PDF" THEN 'Settings PDF Type File Directory TrueFileName = "/ THE_PDF_FILE_S /" & FileNameEnd if ifness (Right (FileName, 3)) = "DOC" TEN' Settings DOC Type File Directory TRUEFileName = "/ MY_D_O_C_FILE / "& FileNameEnd IFIF LCASE (Right (FileName, 3)) =" GIF "or LCase (Right (FileName, 3)) =" JPG "or LCase (Right (filename, 3)) =" PNG "

转载请注明原文地址:https://www.9cbs.com/read-12778.html

New Post(0)