English
 电子信箱
 加入收藏

  威盾防火墙 >> 新闻中心 >> 威盾新闻 >> 利用ADODB.Stream 防盗链
 

利用ADODB.Stream 防盗链

威盾防火墙 2015-02-25
 

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
'******************************
'文件名使用URL参数/表单项传递,项名为FileName,对GIF和JPG等图片直接输出,其他文件则一律弹出下载提示框
'例:<img src="showFile.asp?FileName=1.jpg" border="0" />
' <a href="showFile.asp?FileName=1.doc">下载文件</a>
'******************************
On Error Resume Next
Response.Buffer = True
Response.Clear

Const FileDir = "" '根据你的文件所在目录修改
Function GetFilePath(FileName,FileDir) '防止盗链,当来源地址中的域名和当前文件地址的域名不同时则输出自定义错误图片nosteal.gif
Dim Server_v1,Server_v2
Server_v1 = Cstr(Request.ServerVariables("HTTP_REFERER"))
Server_v2 = Cstr(Request.ServerVariables("SERVER_NAME"))
IF(Server_v1<>"" And Mid(Server_v1,8,Len(Server_v2)) = Server_v2)THEN
GetFilePath = FileDir & FileName
ELSE
GetFilePath = "nosteal.gif"
END IF
End Function

Function GetContentType(FileName)
Select Case LCASE(Right(FileName, 4))
Case ".asf"
GetContentType = "video/x-ms-asf"
Case ".avi"
GetContentType = "video/avi"
Case ".doc"
GetContentType = "application/msword"
Case ".zip"
GetContentType = "application/zip"
Case ".xls"
GetContentType = "application/vnd.ms-excel"
Case ".jpg","jpeg",".gif",".png",".bmp"
GetContentType = "image/*"
Case ".wav"
GetContentType = "audio/wav"
Case ".mp3"
GetContentType = "audio/mpeg3"
Case ".mpg", "mpeg"
GetContentType = "video/mpeg"
Case ".rtf"
GetContentType = "application/rtf"
Case ".htm", "html"
GetContentType = "text/html"
Case ".txt"
GetContentType = "text/plain"
Case ELSE
GetContentType = "application/octet-stream"
End Select
End Function

Sub UseStream(FilePathString,FileNameString)
Dim FileStream,File,FileContentType,IsAttachment
SET FileStream = Server.CreateObject("ADODB.Stream")
FileStream.Open
FileStream.Type = 1
FileStream.LoadFromFile(Server.MapPath(FilePathString))
FileContentType = GetContentType(FileNameString)
IF(FileContentType <> "image/*")THEN
IsAttachment = "attachment; "
ELSE
IsAttachment = ""
END IF
Response.AddHeader "Content-Disposition", IsAttachment & "filename=" & FileNameString
Response.AddHeader "Content-Length", FileStream.Size
Response.Charset = "UTF-8"
Response.ContentType = FileContentType
Response.BinaryWrite FileStream.Read 
Response.Flush

FileStream.Close
SET FileStream = Nothing
End Sub

Dim FileName,FilePath
FileName = Trim(Request.QueryString("FileName"))
FilePath = GetFilePath(FileName,FileDir)
UseStream FilePath,FileName
IF(Err.Number <> 0)THEN
Err.Clear
Server.Execute("NoImg.gif")
END IF
%>
相关内容: 最新内容:
流媒体服务器防盗链插件-Auth Plug[2015-02-25]
PHP做好防盗链的基本思想 防盗链的设置方法[2015-02-07]
1.5.3 防盗链配置实例[2015-02-05]
8种网站防止盗链的方法[2015-02-05]
PHP做好防盗链的基本思想 防盗链的设置方法[2015-02-05]
谈谈网站防盗链[2015-01-27]
 流媒体服务器防盗链插件-Auth Plug[2015-02-25]
Web应用常见的安全威胁分析[2015-02-25]
WEB应用风险扫描的研究与应用[2015-02-25]
Java语言实现Web服务请求[2015-02-25]
浅析Web安全[2015-02-25]
Web服务器配置缺陷[2015-02-25]