Anti-Theft chain If we know the actual path of a static file such as: Http://www.xx.com/download/51windows.pdf, if the server does not make special restrictions, we can easily download it down! When the site provides 51windows.pdf download, how to let the download can not get his actual path it! This article describes how to use ASP to hide the actual download path of a file.
When we manage Web site files, we can put the same file name extension under the same directory, a more special names, such as the PDF file directory for the_pdf_file_s, save the following code as down.asp, his online path is http://www.xx.com/ Down.asp, can we use http://www.xx.com/down.asp? Filename=51windows.pdf to download this file, and the download can not see the actual download path of this file! In down.asp we can also set whether the download file need to log in, to determine whether the source page of the download is an external site, so you can prevent files from being hotlinking.
Here is the sample code: <% From_url = Cstr (Request.ServerVariables ("Http_referer")) Serv_url = Cstr (Request.ServerVariables ("SERVER_NAME")) If Mid (From_url,8,len (serv_url)) <> Serv_url Then Response.Write "Illegal link! "' Prevent hotlinking Response.End End If
If Request.Cookies ("logined") = "" Then Response.Redirect "/login.asp" needs landing! End If Function GetFileName (longname) '/folder1/folder2/file.asp=>file.asp While InStr (LongName, "/") LongName = Right (Longname,len (longname)-1) Wend GetFileName = longname End Function Dim Stream Dim Contents Dim FileName Dim Truefilename Dim Fileext Const adTypeBinary = 1 filename = request.querystring ("filename") If FileName = "" Then Response.Write "Invalid filename! " Response.End End If Fileext = Mid (filename, InStrRev (filename, ".") + 1) Select case UCase (Fileext) Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
Response.Write "Illegal Operation! " Response.End End Select Response.Clear If LCase (filename,3) = "gif" or LCase (right (filename,3) = "jpg" or LCase (right (filename,3)) = "png" Then Response.ContentType = "image/*" does not appear on the image File Download dialog box Else Response.ContentType = "Application/ms-download" End If Response.AddHeader "Content-disposition", "attachment"; Filename= "& GetFileName (Request.QueryString (" FileName ")) Set Stream = server. CreateObject ("ADODB.") Stream ") Stream.type = adTypeBinary Stream.open If LCase (right (filename,3) = "PDF" then "set PDF type file directory
Truefilename = "/the_pdf_file_s/" &filename End If If LCase (right (filename,3) = "Doc" then "Set Doc type file directory Truefilename = "/my_d_o_c_file/" &filename End If If LCase (filename,3) = "gif" or LCase (right (filename,3) = "jpg" or LCase (right (filename,3)) = "png" Then Truefilename = "/all_images_/" &filename set image file directory End If Stream.loadfromfile Server.MapPath (Truefilename) While not Stream.eos Response.BinaryWrite Stream.read (1024 * 64) Wend Stream.Close Set Stream = Nothing Response.Flush Response.End %> |