Use ASP + SQL Server to build a firewall for Web pages

Source: Internet
Author: User
The main purpose of setting up a firewall for a Web page is to provide different services to different visitors depending on the content of the page. This is easy to do with JavaScript or VBScript in the page itself, but the page source is visible in the client browser, so visitors can see the user identification method being used; such a firewall exists only on the surface. ASP is the middle tier of the client/server architecture on the Web. Although it is written in a scripting language (JavaScript, VBScript, etc.), the program code runs on the server and the client sees only the dynamic HTML that ASP outputs. ASP still has some vulnerabilities, however, and by certain means the source code of an ASP program can also be viewed. By combining ASP with SQL Server, we can design simple, efficient, and reliable applications. The following is a brief introduction to the process.

I. Create the login
Create a login and password for visitors on SQL Server.

II. Create a database DSN on the network server
Use the ODBC Data Source Administrator in Control Panel to create an ODBC data source name (DSN) for the database, so that you can later connect to that specific database through the DSN.

The ODBC Data Source Administrator provides three types of DSN: User DSN, System DSN, and File DSN. A User DSN saves its configuration information in the Windows registry, and only the logged-on user who created the DSN is allowed to use it. A System DSN also saves its configuration information in the system registry, but unlike a User DSN it can be used by all users who log on to the server.

Unlike those two types, a File DSN saves its configuration information in a specific file on the hard disk. A File DSN can be used by all users who log on to the server, and it provides access to the database even if no user is logged on. In addition, because a File DSN is saved in a file on disk, it can easily be copied to another machine, so users can use a DSN created on another machine directly without making any changes to the system registry.

Of these three kinds of DSN, a System DSN or a File DSN is recommended. Users who prefer the portability of a File DSN can set file access permissions under the NT system to obtain higher security.

To create a new DSN, first select Add. In the pop-up window, choose the type of database to connect to by selecting the SQL Server item in the list. If you are creating a File DSN, click the Next button and, in the subsequent dialog box, enter the filename and save path for the File DSN. If you are creating a System DSN, click Finish.

After the database has been selected, the DSN needs to be configured: select the specific server that provides the database service, set the login username and password, and choose the database to connect to.

III. Program design
The next step is to implement a simple page firewall. The page restricts access to the organization's intranet (assuming that the IP address of the intranet is from 10.61.96. to 10.65.97.) and requires a username and password from users outside the organization. The ServerVariables collection of the Request object is used to obtain the value of the environment variable.

Program source code (FIREWALL.ASP) is as follows:

<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=gb_2312-80">
<meta name="generator" content="Microsoft FrontPage Express 2.0">
<title>firewall.asp</title>
</head>
<body bgcolor="#800080">
<%
' Use Request.ServerVariables("REMOTE_ADDR") to get the client IP address and save it in RemoteIP
RemoteIP = Request.ServerVariables("REMOTE_ADDR")
StIP = CStr(RemoteIP)

' Get the third segment of the IP address and save it in StIP
For i = 1 To 2
    StIP = Right(StIP, Len(StIP) - InStr(1, StIP, "."))
Next
StIP = Left(StIP, InStr(1, StIP, ".") - 1)

' IP address test and password verification: a request from the intranet passes on its address alone;
' any other request must supply a username and password that SQL Server accepts.
' The bounds 96 and 97 are restored from the intranet range given in the text and compared as numbers.
If (Left(RemoteIP, 5) <> "10.61" Or CInt(StIP) < 96 Or CInt(StIP) > 97) Then
    Username = Request.Form("T1")
    Password = Request.Form("T2")
    ' Dsn.txt holds the DSN part of the connection string on its first line
    Set fs = CreateObject("Scripting.FileSystemObject")
    Set thisfile = fs.OpenTextFile("Dsn.txt")
    Db_loc = thisfile.ReadLine
    thisfile.Close
    ' "pwd" is the ODBC keyword for the password
    cnstr = Db_loc & "uid=" & Username & ";" & "pwd=" & Password
    On Error Resume Next
    Set cn = Server.CreateObject("ADODB.Connection")
    cn.Open cnstr
    ' Any error raised by Open means the login was refused
    If Err.Number <> 0 Then %>
<p><font color="#FF0000">Sorry, User: <%=Server.HTMLEncode(Username)%> does not have access rights, or the password is incorrect!<br></font></p>
<form method="POST">
<p align="center">Username: <input type="text" name="T1" size="20"> Password: <input type="password" name="T2" size="20"> <input type="submit" value="Submit" name="B1"> <input type="reset" value="Reset" name="B2"></p>
</form>
<%  End If
    cn.Close
    Set cn = Nothing %>
<% Else %>
Congratulations, you have passed the verification, you can directly use the resources of this site!
<% End If %>
</body>
</html>

After adjusting details such as the IP address information, the program can be run.
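The intranet test that FIREWALL.ASP performs on REMOTE_ADDR, together with a check on the two form values before they are concatenated into the connection string, is shown here as an added example that is not part of the original article. It is written in JavaScript so it can be run outside IIS. The range 10.61.96.0 to 10.61.97.255 is this example's reading of the article's intranet range, and the function names are hypothetical.

```javascript
// Added example; the range below is an assumption, not a value fixed by the article.
var INTRANET_FIRST = "10.61.96.0";
var INTRANET_LAST = "10.61.97.255";

// Convert a dotted-quad IPv4 string to an unsigned 32-bit number.
// Returns null unless the input is exactly four decimal octets in 0-255.
function ipv4ToInt(addr) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(addr));
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet; // multiply instead of shifting to stay unsigned
  }
  return n;
}

// True only when addr parses and lies inside the assumed intranet range.
function isIntranet(addr) {
  var ip = ipv4ToInt(addr);
  if (ip === null) return false; // fail closed on IPv6 or malformed input
  return ip >= ipv4ToInt(INTRANET_FIRST) && ip <= ipv4ToInt(INTRANET_LAST);
}

// The form values end up inside an ODBC connection string, where ";"
// separates keywords and "{ }" quote values. Rejecting those characters
// (and control characters) keeps a value from adding keywords of its own.
function isSafeConnValue(v) {
  return typeof v === "string" && v.length > 0 && !/[\x00-\x1f;{}]/.test(v);
}

// Decide what the page should do before any database connection is opened.
function decide(remoteAddr, username, password) {
  if (isIntranet(remoteAddr)) return "allow";
  if (isSafeConnValue(username) && isSafeConnValue(password)) return "try-login";
  return "show-form";
}

// Constructed sample requests (addresses and credentials are made up).
var samples = [
  ["10.61.96.5", "", ""],
  ["10.61.98.1", "alice", "s3cret"],
  ["192.0.2.10", "alice;x", "pw"]
];
for (var k = 0; k < samples.length; k++) {
  console.log(samples[k][0], "->", decide(samples[k][0], samples[k][1], samples[k][2]));
}
```

Comparing whole addresses as numbers avoids the string slicing on the third segment and denies any address that is not a well-formed IPv4 dotted quad.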

Of course, the above implements the firewall function for a single page only. If a site has more than one page, you can set a session variable to flag the user and check that variable on the following pages.


