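If we know the real path of a static file and the server has not been configured with any special restrictions, we can download it with no effort at all. When a site offers windows.pdf for download, how can we keep the downloader from learning its real path? This article describes how to use ASP to hide a file's real download path.
When managing a site's files, we can put files with the same extension in one directory and give that directory a fairly unusual name, for example the_pdf_file_s for PDF files. Save the code below as down.asp; the file can then be downloaded by requesting down.asp with ?FileName=windows.pdf, and the downloader cannot see the file's real download path. In down.asp we can also require a login before a download and check whether the referring page belongs to an external site, which prevents the files from being hotlinked.
Sample code: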
<%
' Both checks below rely on values sent by the client (Referer header, cookie)
From_url = Cstr(Request.ServerVariables("HTTP_REFERER"))
Serv_url = Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(From_url, 8, len(Serv_url)) <> Serv_url then   ' position 8 = first character after "http://"
    Response.Write "非法鏈接!"   ' prevent hotlinking
    Response.End
end if
if Request.Cookies("Logined") = "" then
    Response.Redirect "/login.asp"   ' login required
end if

Function GetFileName(longname)   ' /folder1/folder2/file.asp => file.asp
    while instr(longname, "/")
        longname = right(longname, len(longname) - 1)
    wend
    GetFileName = longname
End Function

Dim Stream
Dim Contents
Dim FileName
Dim TrueFileName
Dim FileExt
Const adTypeBinary = 1

FileName = Request.QueryString("FileName")
if FileName = "" Then
    Response.Write "無效文件名!"
    Response.End
End if
' Accept a bare file name only, so the request cannot leave the mapped directory
if InStr(FileName, "/") > 0 or InStr(FileName, "\") > 0 or InStr(FileName, "..") > 0 then
    Response.Write "非法操作!"
    Response.End
end if

' Refuse script and database extensions
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
select Case UCase(FileExt)
    Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
        Response.Write "非法操作!"
        Response.End
End select

Response.Clear
if lcase(right(FileName, 3)) = "gif" or lcase(right(FileName, 3)) = "jpg" or lcase(right(FileName, 3)) = "png" then
    Response.ContentType = "image/*"   ' no download dialog for image files
else
    Response.ContentType = "application/ms-download"
end if
Response.AddHeader "content-disposition", "attachment; filename=" & GetFileName(Request.QueryString("FileName"))

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Type = adTypeBinary
Stream.Open

if lcase(right(FileName, 3)) = "pdf" then   ' directory for PDF files
    TrueFileName = "/the_pdf_file_s/" & FileName
end if
if lcase(right(FileName, 3)) = "doc" then   ' directory for DOC files
    TrueFileName = "/my_D_O_C_file/" & FileName
end if
if lcase(right(FileName, 3)) = "gif" or lcase(right(FileName, 3)) = "jpg" or lcase(right(FileName, 3)) = "png" then
    TrueFileName = "/all_images_/" & FileName   ' directory for image files
end if

' Send the file to the client in chunks
Stream.LoadFromFile Server.MapPath(TrueFileName)
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64)
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
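
A stricter way to map the FileName parameter onto the hidden directories, as an added example that is not part of the original article. The ResolveDownload helper, its file-name pattern and the 404 response are assumptions; the three directory names are the article's.

```vbscript
<%
' Added example (not the article's code): allowlist resolver for down.asp.
' Directory names come from the article; ResolveDownload is a hypothetical helper.
Function ResolveDownload(ByVal requested)
    Dim dirs, re, ext, fso, baseDir, fullPath
    ResolveDownload = ""

    ' Extension -> hidden directory. Anything not listed is refused.
    Set dirs = Server.CreateObject("Scripting.Dictionary")
    dirs.Add "pdf", "/the_pdf_file_s/"
    dirs.Add "doc", "/my_D_O_C_file/"
    dirs.Add "gif", "/all_images_/"
    dirs.Add "jpg", "/all_images_/"
    dirs.Add "png", "/all_images_/"

    ' Bare file name only (assumed pattern): letters, digits, "_" and "-", one dot, extension.
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}$"
    If Not re.Test(requested) Then Exit Function

    ext = LCase(Mid(requested, InStrRev(requested, ".") + 1))
    If Not dirs.Exists(ext) Then Exit Function

    ' Canonicalise and confirm the result is still inside the mapped directory.
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    baseDir = fso.GetAbsolutePathName(Server.MapPath(dirs(ext)))
    If Right(baseDir, 1) <> "\" Then baseDir = baseDir & "\"
    fullPath = fso.GetAbsolutePathName(fso.BuildPath(baseDir, requested))
    If StrComp(Left(fullPath, Len(baseDir)), baseDir, vbTextCompare) <> 0 Then Exit Function
    If Not fso.FileExists(fullPath) Then Exit Function

    ResolveDownload = fullPath
End Function

Dim physicalPath
physicalPath = ResolveDownload(CStr(Request.QueryString("FileName")))
If physicalPath = "" Then
    Response.Status = "404 Not Found"   ' same answer for every refusal
    Response.End
End If
' physicalPath is now safe to hand to Stream.LoadFromFile
%>
```

Returning the same status for every refusal keeps error pages from revealing which directories or files exist.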
From:http://tw.wingwit.com/Article/program/net/201311/11977.html