asp.net防盗链如何做? 为了防址用户非法的http请求和下载我web目录下SqlMap文件夹下的XML的配置文件该如何做? 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 网上找的:/* * * 防盗链IHttpHandler * * * 增加了对文件关键字的选择(即仅对文件名存在某些关键字或不存在某些关键字进行过滤) * 设置web.config中<appSettings>节以下值 * string eWebapp_NoLink 如果文件名符合该正确表态式将进行过滤(不设置对所有进行过滤) * string eWebapp_AllowLink 如果文件名符合该正确表态式将不进行过滤(优先权高于AllowLink,不设置则服从AllowLink) * bool eWebapp_ AllowOnlyFile 如果为False,(默认true)则不允许用户直接对该文件进行访问建议为true * * * :)以下设置均可省略,设置只是为了增加灵活性与体验 * eWebapp_NoLink_Message 错误信息提示:默认为Link From:域名 * eWebapp_Error_Width 错误信息提示图片宽 * eWebapp_Error_Height 错误信息提示图片高 * * * * 垃圾猪 2005-9-11 创建 * http://ewebapp.net */using System;using System.Web;using System.Drawing;using System.Drawing.Imaging;using System.IO;using System.Configuration;using System.Text.RegularExpressions;namespace eWebapp{ /// <summary> /// 防盗链IHttpHandler /// 参考http://www.softat.org/archiver/tid-52114.html /// 垃圾猪 2005-9-12 修正 /// </summary> public class NoLink : IHttpHandler { private string eWebapp_NoLink = string.Empty; private string eWebapp_AllowLink = string.Empty; private bool eWebapp_AllowOnlyFile = true; private string eWebapp_NoLink_Message = string.Empty; private bool error = false; public NoLink() { // // TODO: 在此处添加构造函数逻辑 // } public void ProcessRequest(HttpContext context) { eWebapp_NoLink_Message = ConfigurationSettings.AppSettings["eWebapp_NoLink_Message"]; string myDomain = string.Empty; error = errorLink(context, out myDomain); if (Empty(eWebapp_NoLink_Message)) { eWebapp_NoLink_Message = "Link from :" + myDomain; } if (error) { //Jpg(context.Response,eWebapp_NoLink_Message); Jpg(context.Response, eWebapp_NoLink_Message); } else { Real(context.Response, context.Request); } } public bool IsReusable { get { return true; } } /// <summary> /// 输出错误信息 /// </summary> /// <param name="Response"></param> /// <param name="_word"></param> private void Jpg(HttpResponse Response, string _word) { int myErrorWidth = _word.Length * 15; int myErrorHeight = 16; try { int _myErrorWidth = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Width"]); if (_myErrorWidth > 0) { myErrorWidth = _myErrorWidth; } } catch { } try { int _myErrorHeight = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Height"]); if (_myErrorHeight > 0) { myErrorHeight = _myErrorHeight; } } catch { } Bitmap Img = null; Graphics g = null; MemoryStream ms = null; Img = new Bitmap(myErrorWidth, myErrorHeight); g = Graphics.FromImage(Img); g.Clear(Color.White); Font f = new Font("Arial", 9); SolidBrush s = new SolidBrush(Color.Red); g.DrawString(_word, f, s, 3, 3); ms = new MemoryStream(); Img.Save(ms, ImageFormat.Jpeg); Response.ClearContent(); Response.ContentType = "image/Gif"; Response.BinaryWrite(ms.ToArray()); g.Dispose(); Img.Dispose(); Response.End(); } /// <summary> /// 输出真实文件 /// </summary> /// <param name="response"></param> /// <param name="context"></param> private void Real(HttpResponse response, HttpRequest request) { FileInfo file = new System.IO.FileInfo(request.PhysicalPath); response.Clear(); response.AddHeader("Content-Disposition", "filename=" + file.Name); response.AddHeader("Content-Length", file.Length.ToString()); string fileExtension = file.Extension.ToLower(); //这里选择输出的文件格式 //可以参考http://ewebapp.cnblogs.com/articles/234756.html增加对更多文件格式的支持. switch (fileExtension) { case "mp3": response.ContentType = "audio/mpeg3"; break; case "mpeg": response.ContentType = "video/mpeg"; break; case "jpg": response.ContentType = "image/jpeg"; break; case "bmp": response.ContentType = "image/bmp"; break; case "gif": response.ContentType = "image/gif"; break; case "doc": response.ContentType = "application/msword"; break; case "css": response.ContentType = "text/css"; break; default: response.ContentType = "application/octet-stream"; break; } response.WriteFile(file.FullName); response.End(); } /// <summary> /// 确认字符串是否为空 /// </summary> /// <param name="_value"></param> /// <returns></returns> private bool Empty(string _value) { if (_value == null | _value == string.Empty | _value == "") { return true; } else { return false; } } /// <summary> /// 检查是否是非法链接 /// </summary> /// <param name="context"></param> /// <param name="_myDomain"></param> /// <returns></returns> private bool errorLink(HttpContext context, out string _myDomain) { HttpResponse response = context.Response; string myDomain = context.Request.ServerVariables["SERVER_NAME"]; _myDomain = myDomain; string myDomainIp = context.Request.UserHostAddress; eWebapp_NoLink = ConfigurationSettings.AppSettings["eWebapp_NoLink"]; eWebapp_AllowLink = ConfigurationSettings.AppSettings["eWebapp_AllowLink"]; try { eWebapp_AllowOnlyFile = Convert.ToBoolean(ConfigurationSettings.AppSettings["eWebapp_AllowOnlyFile"]); } catch { eWebapp_AllowOnlyFile = true; } if (context.Request.UrlReferrer != null) { //判定referDomain是否存在网站的IP或域名 string referDomain = context.Request.UrlReferrer.AbsoluteUri.Replace(context.Request.UrlReferrer.AbsolutePath, ""); string myPath = context.Request.RawUrl; if (referDomain.IndexOf(myDomainIp) >= 0 | referDomain.IndexOf(myDomain) >= 0) { return false; } else { //这里使用正则表达对规则进行匹配 try { Regex myRegex; //检查允许匹配 if (!Empty(eWebapp_AllowLink)) { myRegex = new Regex(eWebapp_AllowLink); if (myRegex.IsMatch(myPath)) { return false; } } //检查禁止匹配 if (!Empty(eWebapp_NoLink)) { myRegex = new Regex(eWebapp_NoLink); if (myRegex.IsMatch(myPath)) { return true; } else { return false; } } return true; } catch { //如果匹配出错,链接错误 return true; } } } else { //是否允许直接访问文件 if (eWebapp_AllowOnlyFile) { return false; } else { return true; } } } }} http://www.cnblogs.com/xucanzhao/archive/2006/04/18/378612.html 不行的,我用过,最后在IIS里面设置如下 我这个sql语句哪里错了啊? 做一个毕业设计,人事管理系统的,表设计的是否合理 获取外部网站链接的方法 kan kan 看孟子E章文章《在Web应用程序中执行计划任务》想到的问题,请教大家。 很郁闷的问题,而且太难解决了!大家都来看看 label中设置字体的大小。。。 主从关系的实现问题,特来讨教 请问: 在服务器资源管理器中,数据连接, 报ADO错误:没有注册类别 如何解决? 如何解决脚本错误 行:5 字符:10 错误:缺少';'代码:0 一个全局变量的问题! FCKeditor怎么引入样式
*
* 防盗链IHttpHandler
*
*
* 增加了对文件关键字的选择(即仅对文件名存在某些关键字或不存在某些关键字进行过滤)
* 设置web.config中<appSettings>节以下值
* string eWebapp_NoLink 如果文件名符合该正确表态式将进行过滤(不设置对所有进行过滤)
* string eWebapp_AllowLink 如果文件名符合该正确表态式将不进行过滤(优先权高于AllowLink,不设置则服从AllowLink)
* bool eWebapp_ AllowOnlyFile 如果为False,(默认true)则不允许用户直接对该文件进行访问建议为true
*
*
* :)以下设置均可省略,设置只是为了增加灵活性与体验
* eWebapp_NoLink_Message 错误信息提示:默认为Link From:域名
* eWebapp_Error_Width 错误信息提示图片宽
* eWebapp_Error_Height 错误信息提示图片高
*
*
*
* 垃圾猪 2005-9-11 创建
* http://ewebapp.net
*/using System;
using System.Web;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Configuration;
using System.Text.RegularExpressions;namespace eWebapp
{
/// <summary>
/// 防盗链IHttpHandler
/// 参考http://www.softat.org/archiver/tid-52114.html
/// 垃圾猪 2005-9-12 修正
/// </summary>
public class NoLink : IHttpHandler
{
private string eWebapp_NoLink = string.Empty;
private string eWebapp_AllowLink = string.Empty;
private bool eWebapp_AllowOnlyFile = true; private string eWebapp_NoLink_Message = string.Empty;
private bool error = false; public NoLink()
{
//
// TODO: 在此处添加构造函数逻辑
//
} public void ProcessRequest(HttpContext context)
{
eWebapp_NoLink_Message = ConfigurationSettings.AppSettings["eWebapp_NoLink_Message"]; string myDomain = string.Empty; error = errorLink(context, out myDomain); if (Empty(eWebapp_NoLink_Message))
{
eWebapp_NoLink_Message = "Link from :" + myDomain;
} if (error)
{
//Jpg(context.Response,eWebapp_NoLink_Message);
Jpg(context.Response, eWebapp_NoLink_Message);
}
else
{
Real(context.Response, context.Request);
} } public bool IsReusable
{
get
{
return true;
}
} /// <summary>
/// 输出错误信息
/// </summary>
/// <param name="Response"></param>
/// <param name="_word"></param>
private void Jpg(HttpResponse Response, string _word)
{ int myErrorWidth = _word.Length * 15;
int myErrorHeight = 16;
try
{
int _myErrorWidth = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Width"]);
if (_myErrorWidth > 0)
{
myErrorWidth = _myErrorWidth;
} }
catch
{ }
try
{
int _myErrorHeight = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Height"]);
if (_myErrorHeight > 0)
{
myErrorHeight = _myErrorHeight;
}
}
catch
{ }
Bitmap Img = null;
Graphics g = null;
MemoryStream ms = null;
Img = new Bitmap(myErrorWidth, myErrorHeight);
g = Graphics.FromImage(Img);
g.Clear(Color.White);
Font f = new Font("Arial", 9);
SolidBrush s = new SolidBrush(Color.Red);
g.DrawString(_word, f, s, 3, 3);
ms = new MemoryStream();
Img.Save(ms, ImageFormat.Jpeg);
Response.ClearContent();
Response.ContentType = "image/Gif";
Response.BinaryWrite(ms.ToArray());
g.Dispose();
Img.Dispose();
Response.End();
}
/// <summary>
/// 输出真实文件
/// </summary>
/// <param name="response"></param>
/// <param name="context"></param>
private void Real(HttpResponse response, HttpRequest request)
{
FileInfo file = new System.IO.FileInfo(request.PhysicalPath); response.Clear(); response.AddHeader("Content-Disposition", "filename=" + file.Name); response.AddHeader("Content-Length", file.Length.ToString()); string fileExtension = file.Extension.ToLower(); //这里选择输出的文件格式
//可以参考http://ewebapp.cnblogs.com/articles/234756.html增加对更多文件格式的支持. switch (fileExtension)
{ case "mp3":
response.ContentType = "audio/mpeg3";
break; case "mpeg": response.ContentType = "video/mpeg";
break; case "jpg": response.ContentType = "image/jpeg";
break; case "bmp": response.ContentType = "image/bmp";
break; case "gif": response.ContentType = "image/gif";
break; case "doc": response.ContentType = "application/msword"; break;
case "css": response.ContentType = "text/css";
break; default: response.ContentType = "application/octet-stream";
break; } response.WriteFile(file.FullName); response.End();
} /// <summary>
/// 确认字符串是否为空
/// </summary>
/// <param name="_value"></param>
/// <returns></returns>
private bool Empty(string _value)
{
if (_value == null | _value == string.Empty | _value == "")
{
return true;
}
else
{
return false;
}
} /// <summary>
/// 检查是否是非法链接
/// </summary>
/// <param name="context"></param>
/// <param name="_myDomain"></param>
/// <returns></returns>
private bool errorLink(HttpContext context, out string _myDomain)
{
HttpResponse response = context.Response;
string myDomain = context.Request.ServerVariables["SERVER_NAME"];
_myDomain = myDomain;
string myDomainIp = context.Request.UserHostAddress; eWebapp_NoLink = ConfigurationSettings.AppSettings["eWebapp_NoLink"];
eWebapp_AllowLink = ConfigurationSettings.AppSettings["eWebapp_AllowLink"]; try
{
eWebapp_AllowOnlyFile = Convert.ToBoolean(ConfigurationSettings.AppSettings["eWebapp_AllowOnlyFile"]);
}
catch
{
eWebapp_AllowOnlyFile = true;
} if (context.Request.UrlReferrer != null)
{ //判定referDomain是否存在网站的IP或域名
string referDomain = context.Request.UrlReferrer.AbsoluteUri.Replace(context.Request.UrlReferrer.AbsolutePath, "");
string myPath = context.Request.RawUrl; if (referDomain.IndexOf(myDomainIp) >= 0 | referDomain.IndexOf(myDomain) >= 0)
{
return false;
}
else
{
//这里使用正则表达对规则进行匹配
try
{
Regex myRegex; //检查允许匹配
if (!Empty(eWebapp_AllowLink))
{ myRegex = new Regex(eWebapp_AllowLink); if (myRegex.IsMatch(myPath))
{
return false;
} } //检查禁止匹配
if (!Empty(eWebapp_NoLink))
{ myRegex = new Regex(eWebapp_NoLink);
if (myRegex.IsMatch(myPath))
{
return true;
}
else
{
return false;
} } return true; }
catch
{
//如果匹配出错,链接错误
return true;
}
}
}
else
{
//是否允许直接访问文件
if (eWebapp_AllowOnlyFile)
{
return false;
}
else
{
return true;
}
} } }}