Asp.net uses ashx to analyze the principles of image anti-leech Protection

Analyze the leeching principle directly: Check the data sent by HTTP intercepted by httpwatch.
GET/IMG. ashx? Img1_svn_work.gif HTTP/1.1
Accept :*/*
Referer: http://www.jb51.net/
Accept-language: ZH-CN
UA-CPU: x86
Accept-encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;. Net CLR 1.1.4322;. Net CLR 2.0.50727;. Net CLR 3.0.04506.648;. Net CLR 3.5.21022; CIBA)
HOST: http://www.jb51.net/
Connection: keep-alive

The packet represents the request http://www.jb51.net/Img.ashx? Img1_svn_work.gif file. We can see that Referer indicates the address of the previous page request page, that is, the file source. Host indicates the host address of the current request.
The following is a leeching data packet.
GET/IMG. ashx? Img1_svn_work.gif HTTP/1.1
Accept :*/*
Referer: http://745.cc/
Accept-language: ZH-CN
UA-CPU: x86
Accept-encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;. Net CLR 1.1.4322;. Net CLR 2.0.50727;. Net CLR 3.0.04506.648;. Net CLR 3.5.21022; CIBA)
HOST: http://www.jb51.net/
Connection: keep-alive
We can see that the above two data, indicating for the same file: http://www.jb51.net/Img.ashx? In the request process of imgw.svn_work.gif, the difference here is the Referer, that is, all requests to the same file, but the request sources are different. Therefore, we can judge in the program whether it is from the current server to determine whether it is leeching. After understanding the principles, it is very easy to implement anti-leech. The following uses image anti-leech as an example. Add an IMG. ashx file to ASP. NET, and the background code is as follows:

Code
Using system;
Using system. collections;
Using system. Data;
Using system. Web;
Using system. Web. Services;
Using system. Web. Services. Protocols;
Namespace getimage
{
/// <Summary>
/// $ Codebehindclassname $ abstract description
/// </Summary>
[WebService (namespace = "http://tempuri.org/")]
[Webservicebinding (conformsto = wsiprofiles. basicprofile1_1)]
Public class IMG: ihttphandler
{
Public void processrequest (httpcontext context)
{
Context. response. contenttype = "image/jpg ";
If (context. Request. urlreferrer! = NULL & context. Request. urlreferrer. Host. Equals (context. Request. url. Host, stringcomparison. invariantcultureignorecase ))
Context. response. writefile (context. server. mappath ("~ /"+ Context. Request. querystring [" IMG "]);
Else
Context. response. writefile (context. server. mappath ("~ /Logo.gif "));
}
Public bool isreusable
{
Get {return false ;}
}
}
}

If the source is not empty and the source server is the same as the current server, it indicates normal access and non-leeching. Access the file content normally.
Otherwise, it is leeching and the Website Logo is returned.
You can even make a random return of the correct picture, random return of the wrong picture, or regular return of the correct picture, regular return of the wrong picture.
Then, the image is used. In this case, the image is not directly used <input type = "image" src = "svn_work.gif"/>, instead, <input type = "image" src = "/IMG. ashx? Imgw.svn_work.gif "/>, that is, reading images through IMG and ashx. If someone else leeching, use the following code: <input type = "image" src = "http://www.jb51.net/Img.ashx? Img1_svn_work.gif "/>.