Blessing of leeching in ASP. NET2.0 [original month]

Blessing of ASP. net2.0 leeching

Author: qingyueer

Home page:Http://blog.csdn.net/21aspnet/Time: 2007.3.28

The so-called leeching means that other websites post links to the files on their websites, which occupies our bandwidth in vain. Access is very immoral for website leeching. To implement anti-leech protection, we have to intercept URLs in IIS.

:

Before anti-leech protection, Hm is the name of my machine. The access result is the same with http: // hm/myweb/default. aspx and http: // localhost/myweb/default.
This picture was cut.

After Anti-leech protection is added, although it is still the same website, http: // hm/myweb/default. aspx is no longer able to access the flowers and images and is replaced by slices:

It is normal to use localhost after anti-leech protection is added! Http: // localhost/myweb/default has the same access result.

Principle:

In fact, hm is my machine, but because the server domain name is localhost, even the same website cannot be accessed, So let alone
Websites such as www. Other Website domain names. com steal our resources. The key is that IIS filters all requests to see if they belong to the domain name of this site.

All code:

Web. config
<? Xml version = "1.0"?>
<! --
Note: In addition to manually editing this file, you can also use
Web management tools to configure application settings. You can use
"Website"-> "Asp. Net configuration" option.
The complete list of settings and comments is displayed in
In machine. config. comments, this file is usually located in
/Windows/Microsoft. Net/Framework/v2.x/Config
-->
<Configuration>
<AppSettings/>
<ConnectionStrings/>
<System. Web>
<Httphandlers>
<Add verb = "*" path = "*. jpg" type = "myhandler, App_Code"/>
</HttpHandlers>
<! --
Set compilation DEBUG = "true" to insert the debugging symbol
Compiled pages. However, this
Performance is affected, so this value is only available during development.
Set to true.
-->
<Compilation DEBUG = "true"/>
<! --
In the <authentication> section, you can configure
Security Authentication mode,
To identify the user.
-->
<Authentication mode = "Windows"/>
<! --
If an unprocessed error occurs during request execution,
You can configure the corresponding processing steps in the <mermerrors> section. Specifically,
This section allows developers to configure
HTML error page to be displayed
To replace the error stack trace.

<Customerrors mode = "remoteonly" defaultredirect = "genericerrorpage.htm">
<Error statuscode = "403" Redirect = "noaccess.htm"/>
<Error statuscode = "404" Redirect = "filenotfound.htm"/>
</Customerrors>
-->
</System. Web>
</Configuration>

When myhandler. cs creates a myhandler. cs class, the system prompts you to put it in App_Code.
Using system;
Using system. Web;

/// <Summary>
/// Summary of myhandler
/// </Summary>

Public class myhandler: ihttphandler
{
Public void processrequest (httpcontext context)
{
String FileName = context. Server. MapPath (context. Request. FilePath );
If (context. Request. UrlReferrer. Host = null)
{
Context. Response. ContentType = "image/JPEG ";
Context. Response. WriteFile ("~ /No.gif "); // replaced Image
}
Else
{
If (context. Request. UrlReferrer. Host. IndexOf ("Localhost")>-1) // your domain name
{
Context. Response. ContentType = "image/JPEG ";
Context. Response. WriteFile (FileName );
}
Else
{
Context. Response. ContentType = "image/JPEG ";
Context. Response. WriteFile ("~ /No.gif ");
}
}
}
Public bool IsReusable
{
Get {return true ;}
}
Public myhandler ()
{
}
}

Default. aspx
<! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Transitional // EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<Html xmlns = "http://www.w3.org/1999/xhtml">
<Head runat = "server">
<Title> clear moon http://blog.csdn.net/21aspnet </title>
</Head>
<Body>
<Form id = "form1" runat = "server">
<Div>
</div>
</Form>
</Body>
</Html>

Pic130.jpg

No. GIF

IIS configuration:

Configure the application extension: A. jpg extension!

Note:Context. Request. UrlReferrer. Host is localhost,
I started to think that http: // localhost/A/and http: // localhost/B/are different context. Request. UrlReferrer. Host, which is A big mistake. The context. Request. UrlReferrer. Host of http: // localhost/B/and http: // localhost/B/are both localhost. Therefore, localhost is used for testing.Machine nameFor example, I want to test hm. After processing, access by machine name will not work, although it is still the same site, the same file, please note here.

The following describes how to prevent rarfiles from being downloaded from the main site: The method is similar to the image, but we force them to download the files to our site.

1. First create a class library project ClassLibrary1:

Using System;

Using System. Web; // reference the System. Web Component

 

 

Public class MyHandler: IHttpHandler

{

Public MyHandler ()

{

}

 

# Region ihttphandler Member

Public void processrequest (httpcontext context)

{

// Jump to webform1.aspx and output the rarfile by webform1.aspx

Httpresponse response = context. response;

Response. Redirect ("../manage/downloads. aspx ");

}

 

Public bool isreusable

{

Get

{

// Todo: Add myhandler. isreusable getter implementation

Return true;

}

}

# Endregion

}

 

2. Add the following nodes to the Web. config file:

<HttpHandlers>
<Add verb = "*" path = "*. rar" type = "myhandler, App_Code"/>
</HttpHandlers>

3. Add a "Download" Button in WebForm1.aspx. The Click event is as follows:

Do not forget using System. IO;

Private void button#click (object sender, System. EventArgs e)
{
FileInfo file = new System. IO. FileInfo (Server. MapPath ("1.rar "));
Response. Clear ();

Response. AddHeader ("Content-Disposition", "filename =" + file. Name );

Response. AddHeader ("Content-Length", file. Length. ToString ());

String fileExtension = file. Extension;

 

// Specify the object Mime type based on the file suffix

Switch (fileExtension)

{

Case ". mp3 ":

Response. ContentType = "audio/mpeg3 ";

Break;

Case "mpeg ":

Response. ContentType = "video/mpeg ";

Break;

Case "jpg ":

Response. ContentType = "image/jpeg ";

Break;

Case "...... and so on ":

Response. ContentType = "....";

Break;

Default:

Response. ContentType = "application/octet-stream ";

Break;

}

 

Response. WriteFile (file. FullName );

Response. End ();
 
}

4. Add an application extension in IIS. Choose "default website"> "properties"> "main directory"> "configuration ". In the displayed "application configuration" window, click "add". In the displayed "Add/edit application extension ing" window, select "executable file" C: /Windows/Microsoft. net/framework/v2.0.50727/aspnet_isapi.dll, enter ". rar" in the extended name, and click "OK.

5. Input http: // localhost/web/1.rarin IE to jump to http: // localhost/web/webform1.aspximmediately. Then, download 1.rar from the webform1.aspx的“"".