zoukankan      html  css  js  c++  java
  • [转]:ASP.net中实现基于UrlRewrite的防盗链

    注:在博客上放置此文只是为了我自己查找方便。

    原文地址:http://www.cnblogs.com/lilei/articles/1046031.html

    实利用UrlRewrite与IIS的设置我们可以实现简单而有效的防盗链功能。

    假设你的站点有一个文件:web.rar,你希望只有具有某些特定域名的来源地址或是已经登陆的用户才能访问,这时就得用到防盗链功能,在ASP时代,我们需要借助第三方组件来完成这个效果,但是在ASP.net中我们可直接利用Context.RewritePath来实现了。

    下载配置文件:

    <?xml version="1.0" encoding="utf-8"?>
    <DownLoad>
      <CheckType>1</CheckType>
      <CookiesName>username</CookiesName>
      <UrlPattern>
        <![CDATA[\/(.+?)\.rar\b]]>
      </UrlPattern>
      <UrlReplace>
        <![CDATA[Default.aspx?d=$1.rar]]>
      </UrlReplace>
      <AllowHost>
        <![CDATA[127.0.0.1]]>
      </AllowHost>
    </DownLoad>

    说明:

    CheckType:要求验证的类型(1:只验证合法的域名,2:只验证是否有cookies,3:同时验证域名与cookies)
    CookiesName:要验证的cookies名称,可为空。
    UrlPattern:请求的URL格式。
    UrlReplace:当下载无效时转向的URL格式。
    AllowHost:允许的来源域名。

    Global.aspx中的配置:

        void Application_BeginRequest(object sender, EventArgs e)
        {
            bool IsAllowDomain = false;
            bool IsLogin = false;
            string CookiesName = "UserName", AllowHost, ReferrerHost="";
            int CheckType = 1;
            bool AllowDown = false;
            string[] AllowHostArr;
            string UrlPattern = "", UrlReplace = "";
            string[] pattern, replace;
            string ConfigFile = ConfigurationManager.AppSettings["DownLoadConfig"];
            if (ConfigFile != "")
            {
                try
                {
                    System.Xml.XmlDataDocument XDConfig = new System.Xml.XmlDataDocument();
                    XDConfig.Load(AppDomain.CurrentDomain.BaseDirectory + @"\" + ConfigFile);
                    if (XDConfig.SelectSingleNode("DownLoad/CheckType").InnerText != "")
                    {
                        CheckType = int.Parse(XDConfig.SelectSingleNode("DownLoad/CheckType").InnerText);
                    }
                    if (XDConfig.SelectSingleNode("DownLoad/CookiesName").InnerText != "")
                    {
                        CookiesName = XDConfig.SelectSingleNode("DownLoad/CookiesName").InnerText;
                    }
                    AllowHost = XDConfig.SelectSingleNode("DownLoad/AllowHost ").InnerText;
                    AllowHostArr = AllowHost.Split('|');
                    UrlPattern = XDConfig.SelectSingleNode("DownLoad/UrlPattern").InnerText;
                    UrlReplace = XDConfig.SelectSingleNode("DownLoad/UrlReplace").InnerText;
                    pattern = UrlPattern.Split('@');
                    replace = UrlReplace.Split('@');
                    if (CookiesName == "") CookiesName = "UserName";
                    IsLogin = false.Equals(Request.Cookies[CookiesName] == null || Request.Cookies[CookiesName].Value == "");
                    if (Request.UrlReferrer != null) ReferrerHost = Request.UrlReferrer.Host.ToString();
                    if (AllowHostArr.Length < 1)
                    {
                        IsAllowDomain = true;
                    }
                    else
                    {
                        for (int HostI = 0; HostI < AllowHostArr.Length - 1; HostI++)
                        {
                            if (AllowHostArr[HostI].ToLower() == ReferrerHost.ToLower())
                            {
                                IsAllowDomain = true;
                                break;
                            }
                        }
                    }
                    switch (CheckType)
                    {
                        case 1:
                            AllowDown = true.Equals(IsAllowDomain);
                            break;
                        case 2:
                            AllowDown = IsLogin;
                            break;
                        case 3:
                            AllowDown = true.Equals(IsAllowDomain && IsLogin);
                            break;
                    }
                    if (AllowDown == false)
                    {
                        string oldUrl = HttpContext.Current.Request.RawUrl;
                        string newUrl = oldUrl;
                        for (int iii = 0; iii < pattern.Length; iii++)
                        {
                            if (Regex.IsMatch(oldUrl, pattern[iii], RegexOptions.IgnoreCase | RegexOptions.Compiled))
                            {
                                newUrl = Regex.Replace(oldUrl, pattern[iii], replace[iii], RegexOptions.Compiled | RegexOptions.IgnoreCase);
                                oldUrl = newUrl;
                            }
                        }
                        this.Context.RewritePath(newUrl);
                    }
                }
                catch
                {
                }
            }
        }

    Web.Config中的配置:

     <appSettings>
        <add key="DownLoadConfig" value="DownLoad.config"/>
     </appSettings>

    IIS中的配置:



    可执行文件填入:c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll(视实际情况变动,与.aspx的一样就成)

    记得把那个:检查文件是否存在 前的勾去掉。

    你可为任何你想要防盗链的文件加上这个,其实在IIS6的2003Server版本中有一个“通配符应用程序映射”:


    添加了这个就等于把所有的请求都交给了.net,这样实现的防盗链,即使是迅雷或是别的什么下载工具照样是下不了的,下的文件名虽然是那个但是内容就完全不是了,嘿嘿。。。

    流浪是注定的宿命;
    漂泊是无尽的轮回。
  • 相关阅读:
    CodeForces.1174D.EhabandtheExpectedXORProblem(构造前缀异或和数组)
    HDU-6187.DestroyWalls(最大生成树)
    HDU.6186.CSCource.(前缀和数组和后缀和数组)
    <每日一题>Day 9:POJ-3281.Dining(拆点 + 多源多汇+ 网络流 )
    <每日一题> Day8:CodeForces-996A.Hit the Lottery(贪心)
    最小割 + 网络流变体
    <每日一题> Day7:CodeForces-1166C.A Tale of Two Lands (二分 + 排序)
    <每日一题> Day6:HDU递推专题完结
    <每日一题> Day5:简单递推两题
    POJ-3122.Pie(二分法最大化平均值)
  • 原文地址:https://www.cnblogs.com/xpnew/p/1203422.html
Copyright © 2011-2022 走看看