ASP anti-theft chain and anti-download method

Anti-Theft Chain | Download If we know the actual path of a static file such as: Http://www.xx.com/download/51windows.pdf, if the server does not make a special restriction setting, we can download it effortlessly! When the site provides 51windows.pdf download, how to let the download can not get his actual path it! This article describes how to use ASP to hide the actual download path of a file.


  


We manage Web site files, we can put the same file name extension under the same directory, a more special names, such as the PDF file directory for the_pdf_file_s, save the following code as down.asp, his online path is http:// Www.xx.com/down.asp, can we use http://www.xx.com/down.asp? Filename=51windows.pdf to download this file, and the download can not see the actual download path of this file! In down.asp we can also set whether the download file need to log in, to determine whether the source page of the download is an external site, so you can prevent files from being hotlinking.


  


Sample code:


<%


From_url = Cstr (Request.ServerVariables ("Http_referer"))


Serv_url = Cstr (Request.ServerVariables ("SERVER_NAME"))


if Mid (From_url,8,len (serv_url)) <> Serv_url then


Response.Write "Illegal link! "' Prevent hotlinking


Response.End


End If





if Request.Cookies ("logined") = "" Then


Response.Redirect "/login.asp" needs landing!


End If


Function GetFileName (longname) '/folder1/folder2/file.asp=>file.asp


while InStr (LongName, "/")


longname = Right (Longname,len (longname)-1)


Wend


GetFileName = longname


End Function


Dim Stream


Dim Contents


Dim FileName


Dim Truefilename


Dim Fileext


Const adtypebinary = 1


filename = request.querystring ("filename")


If FileName = "" Then


Response.Write "Invalid filename! "


Response.End


End If


fileext = Mid (filename, InStrRev (filename, ".") + 1)


Select Case UCase (fileext)


case "ASP", "ASA", "ASPX", "ASAX", "MDB"


Response.Write "Illegal operation! "


Response.End


End Select


Response.Clear


If LCase (right (filename,3) = "gif" or LCase (right (filename,3)) = "JPG" or LCase (right (filename,3)) = "png" then


Response.ContentType = "image/*" does not appear on the image File Download dialog box


Else


Response.ContentType = "Application/ms-download"


End If


Response.AddHeader "content-disposition", "attachment;" Filename= "& GetFileName (Request.QueryString (" FileName "))


Set Stream = server. CreateObject ("ADODB.") Stream ")


Stream.type = adTypeBinary


Stream.open


If LCase (right filename,3) = "pdf" Then ' Set PDF type file directory


truefilename = "/the_pdf_file_s/" &filename


End If


If LCase (right (filename,3)) = "Doc" Then ' Set Doc type file directory


truefilename = "/my_d_o_c_file/" &filename


End If


If LCase (right (filename,3) = "gif" or LCase (right (filename,3)) = "JPG" or LCase (right (filename,3)) = "png" then


truefilename = "/all_images_/" &filename ' Set image file directory


End If


stream.loadfromfile Server.MapPath (truefilename)


While not Stream.eos


response.binarywrite Stream.read (1024 * 64)


Wend


Stream.Close


Set Stream = Nothing


Response.Flush


Response.End


%>