Building a Web Firewall with ASP and SQL Server

Source: Internet
Author: User
The main purpose of setting up a firewall for Web pages is to provide different services to different visitors based on the content of the page, and this is easy to do with JavaScript or VBScript. However, the source of a Web page can be viewed in the client browser, so visitors can see the user identification method that is used; such a firewall exists only on the surface. ASP is the middle tier of the client/server architecture on the Web. Although it is written in a scripting language (JavaScript, VBScript, etc.), the program code runs on the server and the client sees only the dynamic HTML that ASP outputs. ASP still has some vulnerabilities, however, and by certain means the source code of an ASP program can also be viewed. By combining ASP with SQL Server, we can design simple, efficient, and reliable applications. The following is a brief introduction to the process.

I. Create the login

Create a login and password for visitors on SQL Server.

II. Create a database DSN on the network server

Use the ODBC Data Source Administrator in Control Panel to create an ODBC data source name (DSN) for the database, so that you can later connect to that database through the DSN.

The ODBC Data Source Administrator provides three types of DSN: User DSN, System DSN, and File DSN. A User DSN saves its configuration information in the Windows registry, but only the logged-on user who created the DSN is allowed to use it. A System DSN also saves its configuration information in the system registry, but unlike a User DSN it can be used by all users who log on to the server.

Unlike these two kinds of DSN, a file DSN saves its configuration information in a file on the hard disk. A file DSN can be used by all users who log on to the server, and it still provides access to the database even when no user is logged on. In addition, because a file DSN is stored in a file on disk, it can easily be copied to another machine, so a DSN created on one machine can be used directly on another without any changes to the system registry.

Of the three kinds of DSN, the System DSN or the file DSN is recommended. If you prefer the portability of a file DSN, you can set NT file access permissions on the file to obtain stronger protection.

To create a new DSN, first click Add, then in the window that appears select the type of database to connect to, here the SQL Server item in the list. If you are creating a file DSN, click Next and, in the following dialog box, enter the file name and save path for the file DSN. If you are creating a System DSN, click Finish.

Once the database type has been selected, the DSN itself must be configured: select the server that provides the database service, set the login user name and password, and select the database to connect to.

III. Program design

The next thing to implement is a simple page firewall function. The page is open to clients on the organization's intranet (assuming that the IP addresses of the intranet run from 10.61.96. to 10.65.97.) and requires a user name and password from any user outside the organization. It uses the ServerVariables collection of the Request object to read the value of the environment variable.

The program source code (FIREWALL.ASP) is as follows:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb_2312-80">
<meta name="generator" content="Microsoft FrontPage Express 2.0">
<title>firewall.asp</title>
</head>
<body bgcolor="#800080">
<%
' Use Request.ServerVariables("REMOTE_ADDR") to get the client IP address and save it in remoteip
remoteip = Request.ServerVariables("REMOTE_ADDR")
stip = CStr(remoteip)
' Get the third segment of the IP address and save it in stip
For i = 1 To 2
    stip = Right(stip, Len(stip) - InStr(1, stip, "."))
Next
stip = Left(stip, InStr(1, stip, ".") - 1)
' IP address test and password verification: a client whose address is in the intranet range passes directly;
' any other client must supply a user name and password that SQL Server accepts.
' The two bounds were missing from the listing as published; 96 and 97 are the third segments of the range given in the text.
If (Left(remoteip, 5) <> "10.61" Or CInt(stip) < 96 Or CInt(stip) > 97) Then
    username = Request.Form("T1")
    password = Request.Form("T2")
    ' Dsn.txt holds the first part of the connection string (the DSN)
    Set fs = CreateObject("Scripting.FileSystemObject")
    Set thisfile = fs.OpenTextFile("Dsn.txt")
    db_loc = thisfile.ReadLine
    thisfile.Close
    ' ODBC expects the keywords uid and pwd
    cnstr = db_loc & "uid=" & username & ";" & "pwd=" & password
    On Error Resume Next
    Set cn = Server.CreateObject("ADODB.Connection")
    cn.Open cnstr
    ' Any error raised while opening the connection is treated as a failed login
    If Err.Number <> 0 Then %>
<p><font color="#FF0000">Sorry, user <%=Server.HTMLEncode(username)%> has no access, or the password is incorrect!<br></font></p>
<form method="POST">
<p align="center">User name: <input type="text" name="T1" size="20"> Password: <input type="password" name="T2"> <input type="submit" value="Submit" name="B1"> <input type="reset" value="Reset" name="B2"></p>
</form>
<%  End If
    cn.Close
    Set cn = Nothing %>
<% Else %>
Congratulations, you have passed the verification, you can directly use the resources of this site!
<% End If %>
</body>
</html>
After small changes, such as the IP address information, the program above can be run.
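An added example, not part of the original listing: the same two checks written so that malformed input fails closed. It compares the whole address numerically instead of slicing strings, and refuses form values that could inject extra attributes into the connection string built from T1 and T2. The range bounds and the helper names IpToNumber, IpInRange and IsSafeConnValue are assumptions made for illustration.

```asp
<%
' Added example, not from the original article.
Const INTRANET_FIRST = "10.61.96.0"     ' constructed sample bound
Const INTRANET_LAST  = "10.61.97.255"   ' constructed sample bound

' Convert a dotted-quad IPv4 string to a number; -1 if it is not valid IPv4.
Function IpToNumber(ip)
    Dim re, m, i, n
    IpToNumber = -1
    Set re = New RegExp
    re.Pattern = "^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$"
    Set m = re.Execute(ip)
    If m.Count = 0 Then Exit Function
    n = CDbl(0)
    For i = 0 To 3
        If CLng(m(0).SubMatches(i)) > 255 Then Exit Function
        n = n * 256 + CLng(m(0).SubMatches(i))
    Next
    IpToNumber = n
End Function

' True only when all three addresses parse and ip lies inside [firstIp, lastIp].
Function IpInRange(ip, firstIp, lastIp)
    Dim n, lo, hi
    n = IpToNumber(ip) : lo = IpToNumber(firstIp) : hi = IpToNumber(lastIp)
    IpInRange = (n >= 0 And lo >= 0 And hi >= 0 And n >= lo And n <= hi)
End Function

' Reject values that could end the attribute and start a new one
' (for example "bob;Server=other"), or that open a brace-quoted value.
Function IsSafeConnValue(v)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[^;{}\x00-\x1F]{1,128}$"
    IsSafeConnValue = re.Test(v)
End Function

' REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the proxy's address.
remoteIp = Request.ServerVariables("REMOTE_ADDR")
isInternal = IpInRange(remoteIp, INTRANET_FIRST, INTRANET_LAST)
username = Request.Form("T1")
password = Request.Form("T2")
credentialsUsable = IsSafeConnValue(username) And IsSafeConnValue(password)
' Build the connection string only when credentialsUsable is True;
' otherwise show the login form without contacting the database.
%>
```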

Of course, the above implements the firewall function for a single page only. If a site has more than one page, you can set a session variable to flag the user and check it in the following pages.
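One way to carry the result to other pages with a session variable, as an added example that is not from the original article. The session keys fw_verified and fw_ip and the file name guard.asp are assumptions; the guard also ties the flag to the address that passed the check.

```asp
<%
' --- In firewall.asp, at the point where verification has succeeded ---
Session("fw_verified") = True
Session("fw_ip") = Request.ServerVariables("REMOTE_ADDR")  ' remember who passed
Session.Timeout = 20   ' minutes of inactivity before the flag is discarded
%>

<%
' --- guard.asp (hypothetical name): include this file first in every protected page ---
Dim fwOk
fwOk = (Session("fw_verified") = True) And _
       (Session("fw_ip") = Request.ServerVariables("REMOTE_ADDR"))
If Not fwOk Then
    Session.Abandon                      ' drop any partial state
    Response.Redirect "firewall.asp"     ' send the visitor back to the check page
End If
%>
```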


