• ASP.NET 防盗链源码


    防盗链原理:

    http标准协议中有专门的字段记录referer

    一来可以追溯上一个入站地址是什么

    二来对于资源文件,可以跟踪到包含显示他的网页地址是什么。

    因此所有防盗链方法都是基于这个Referer字段

    解决方法:
    (一)创建一个继承了System.Web.IHttpHandler接口的类
    在System.Web.IHttpHandler接口有两个成员ProcessRequest()方法和IsReusable()属性。ProcessRequest(System.Web.HttpContext context) 方法,除了用户自定义中被要求处理的特殊的http请求。其中的参数 System.Web.HttpContext 类的实例装入了一个http请求中http协议中要求的所有信息。其中System.Web.HttpContext 类中包含有属性 Request 使得从客户端发送过来的http请求信息的值可以被方便地读取;属性Response 它封装了需要返回给客户端的信息和操作。
    IsReusable()属性要置为true.

    (二) 创建一个资源图片的方法Real()
    1.若是盗链服务器给其错误图片。
    2.若不是盗链服务器给其正常的图片。
    在Real()方法中用到了FileInfo 这个类去取得图片的扩展名并用来判断图片的类型.

    (三) 注意页面的缓存(response.Expires=1;获取和设置浏览器上缓存的页过期之前的分钟数.如果用户在页过期之前返回同一页,则显示缓存的内容)

    (四)配置应用程序扩展名映射
    因为IIS在接收到aspx页面请求时,会为其自动加载一个C:\WINDOWS\Micosoft.NET\Framework\v1.1.4322
    \aspnet_isapi.dll文件。
    虚拟目录和文件夹的属性里面的”执行许可”改为“纯脚本”。
    若是有多个Web.config那么只要在总目录下有就可以了,其它地方的均可删除。
    (五)在 Web.config这个网络应用程序配置文件中加入注册信息
    <system.web>
    <httpHandlers>
    <add verb = "*" path = "*.jpg\.ief\.jpg\.jepg\.bmp\.png\.tif\.emf\.ras\.pnm\.pbm\.pgm
    \.ppm\.rgb\.xbm\.xpm\.xwd\.did\.ico\.emf"type="eWebapp.NoLink,eWebapp"/>
    .
    .
    </httpHandlers>
    </system.web>\

    /*
    *
    * 防盗链IHttpHandler
    *
    *
    * 增加了对文件关键字的选择(即仅对文件名存在某些关键字或不存在某些关键字进行过滤)
    * 设置web.config中<appSettings>节以下值
    * string eWebapp_NoLink 如果文件名符合该正确表态式将进行过滤(不设置对所有进行过滤)
    * string eWebapp_AllowLink 如果文件名符合该正确表态式将不进行过滤(优先权高于AllowLink,不设置则服从AllowLink)
    * bool eWebapp_ AllowOnlyFile 如果为False,(默认true)则不允许用户直接对该文件进行访问建议为true
    *
    *
    * :)以下设置均可省略,设置只是为了增加灵活性与体验
    * eWebapp_NoLink_Message 错误信息提示:默认为Link From:域名
    * eWebapp_Error_Width 错误信息提示图片宽
    * eWebapp_Error_Height 错误信息提示图片高
    *
    *
    *
    * 垃圾猪 2005-9-11 创建
    * http://ewebapp.net/
    */

    using System;
    using System.Web;
    using System.Drawing;
    using System.Drawing.Imaging;
    using System.IO;
    using System.Configuration;
    using System.Text.RegularExpressions;

    namespace eWebapp
    {
        /// <summary>
        /// 防盗链IHttpHandler
        /// 参考http://www.softat.org/archiver/tid-52114.html
        /// 垃圾猪 2005-9-12 修正
        /// </summary>
        public class NoLink : IHttpHandler
        {
            private string eWebapp_NoLink = string.Empty;
            private string eWebapp_AllowLink = string.Empty;
            private bool eWebapp_AllowOnlyFile = true;

            private string eWebapp_NoLink_Message = string.Empty;
            private bool error = false;

            public NoLink()
            {
                //
                // TODO: 在此处添加构造函数逻辑
                //
            }

            public void ProcessRequest(HttpContext context)
            {
                eWebapp_NoLink_Message = ConfigurationSettings.AppSettings["eWebapp_NoLink_Message"];

                string myDomain = string.Empty;

                error = errorLink(context, out myDomain);

                if (Empty(eWebapp_NoLink_Message))
                {
                    eWebapp_NoLink_Message = "Link from :" + myDomain;
                }

                if (error)
                {
                    //Jpg(context.Response,eWebapp_NoLink_Message);
                    Jpg(context.Response, eWebapp_NoLink_Message);
                }
                else
                {
                    Real(context.Response, context.Request);
                }

            }

            public bool IsReusable
            {
                get
                {
                    return true;
                }
            }

            /// <summary>
            /// 输出错误信息
            /// </summary>
            /// <param name="Response"></param>
            /// <param name="_word"></param>
            private void Jpg(HttpResponse Response, string _word)
            {

                int myErrorWidth = _word.Length * 15;
                int myErrorHeight = 16;
                try
                {
                    int _myErrorWidth = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Width"]);
                    if (_myErrorWidth > 0)
                    {
                        myErrorWidth = _myErrorWidth;
                    }

                }
                catch
                {

                }
                try
                {
                    int _myErrorHeight = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Height"]);
                    if (_myErrorHeight > 0)
                    {
                        myErrorHeight = _myErrorHeight;
                    }
                }
                catch
                {

                }
                Bitmap Img = null;
                Graphics g = null;
                MemoryStream ms = null;
                Img = new Bitmap(myErrorWidth, myErrorHeight);
                g = Graphics.FromImage(Img);
                g.Clear(Color.White);
                Font f = new Font("Arial", 9);
                SolidBrush s = new SolidBrush(Color.Red);
                g.DrawString(_word, f, s, 3, 3);
                ms = new MemoryStream();
                Img.Save(ms, ImageFormat.Jpeg);
                Response.ClearContent();
                Response.ContentType = "image/Gif";
                Response.BinaryWrite(ms.ToArray());
                g.Dispose();
                Img.Dispose();
                Response.End();
            }

            /// <summary>
            /// 输出真实文件
            /// </summary>
            /// <param name="response"></param>
            /// <param name="context"></param>
            private void Real(HttpResponse response, HttpRequest request)
            {
                FileInfo file = new System.IO.FileInfo(request.PhysicalPath);

                response.Clear();

                response.AddHeader("Content-Disposition", "filename=" + file.Name);

                response.AddHeader("Content-Length", file.Length.ToString());

                string fileExtension = file.Extension.ToLower();

                //这里选择输出的文件格式
                //可以参考http://ewebapp.cnblogs.com/articles/234756.html增加对更多文件格式的支持.

                switch (fileExtension)
                {

                case "mp3":
                    response.ContentType = "audio/mpeg3";
                    break;

                case "mpeg":

                    response.ContentType = "video/mpeg";
                    break;

                case "jpg":

                    response.ContentType = "image/jpeg";
                    break;

                case "bmp":

                    response.ContentType = "image/bmp";
                    break;

                case "gif":

                    response.ContentType = "image/gif";
                    break;

                case "doc":

                    response.ContentType = "application/msword";

                    break;
                case "css":

                    response.ContentType = "text/css";
                    break;

                default:

                    response.ContentType = "application/octet-stream";
                    break;

                }

                response.WriteFile(file.FullName);

                response.End();
            }

            /// <summary>
            /// 确认字符串是否为空
            /// </summary>
            /// <param name="_value"></param>
            /// <returns></returns>
            private bool Empty(string _value)
            {
                if (_value == null | _value == string.Empty | _value == "")
                {
                    return true;
                }
                else
                {
                    return false;
                }
            }

            /// <summary>
            /// 检查是否是非法链接
            /// </summary>
            /// <param name="context"></param>
            /// <param name="_myDomain"></param>
            /// <returns></returns>
            private bool errorLink(HttpContext context, out string _myDomain)
            {
                HttpResponse response = context.Response;
                string myDomain = context.Request.ServerVariables["SERVER_NAME"];
                _myDomain = myDomain;
                string myDomainIp = context.Request.UserHostAddress;

                eWebapp_NoLink = ConfigurationSettings.AppSettings["eWebapp_NoLink"];
                eWebapp_AllowLink = ConfigurationSettings.AppSettings["eWebapp_AllowLink"];

                try
                {
                    eWebapp_AllowOnlyFile = Convert.ToBoolean(ConfigurationSettings.AppSettings["eWebapp_AllowOnlyFile"]);
                }
                catch
                {
                    eWebapp_AllowOnlyFile = true;
                }

                if (context.Request.UrlReferrer != null)
                {

                    //判定referDomain是否存在网站的IP或域名
                    string referDomain = context.Request.UrlReferrer.AbsoluteUri.Replace(context.Request.UrlReferrer.AbsolutePath, "");
                    string myPath = context.Request.RawUrl;

                    if (referDomain.IndexOf(myDomainIp) >= 0 | referDomain.IndexOf(myDomain) >= 0)
                    {
                        return false;
                    }
                    else
                    {
                        //这里使用正则表达对规则进行匹配
                        try
                        {
                            Regex myRegex;

                            //检查允许匹配
                            if (!Empty(eWebapp_AllowLink))
                            {

                                myRegex = new Regex(eWebapp_AllowLink);

                                if (myRegex.IsMatch(myPath))
                                {
                                    return false;
                                }

                            }

                            //检查禁止匹配
                            if (!Empty(eWebapp_NoLink))
                            {

                                myRegex = new Regex(eWebapp_NoLink);
                                if (myRegex.IsMatch(myPath))
                                {
                                    return true;
                                }
                                else
                                {
                                    return false;
                                }

                            }

                            return true;

                        }
                        catch
                        {
                            //如果匹配出错,链接错误
                            return true;
                        }
                    }
                }
                else
                {
                    //是否允许直接访问文件
                    if (eWebapp_AllowOnlyFile)
                    {
                        return false;
                    }
                    else
                    {
                        return true;
                    }
                }

            }

        }

    }

  • 相关阅读:
    ActiveReports中如何在后台导出运行时绑定数据源报表
    ActiveReports中如何控制页面的记录数
    WordPress建站固定链接问题
    Linux环境下使用g++编译C++
    Git diff结果显示分析
    VTK使用过程中遇到的问题
    右值引用、移动语义和完美转发(下)
    右值引用、移动语义和完美转发(中)
    右值引用、移动语义和完美转发(上)
    new和malloc的联系与区别(下)
  • 原文地址:https://www.cnblogs.com/happyday56/p/1362687.html
Copyright © 2020-2023  润新知