Java Implementation skips site Referer check

In order to prevent hotlinking, some pages of the website blocked from the non-site link entry, in order to circumvent this problem, can be achieved by the following ways:

1, in the need to jump the JS use the following statement:

var arg = ' \u003cscript\u003elocation.replace ' ("' +searchurl+ '") \u003c/script\u003e '; window.open (' javascript:window.name; ', ARG);  

After testing, the above way in chrome, but in IE and Firefox is not working, in order to be able to support more browsers, you can make appropriate changes on this basis.

2. To increase the HTTPS configuration for Tomcat, add a servlet to the system, set the Searchurl address of the first step to the access address of the servlet, and ensure that the address is an HTTPS address. You then use the Sendredirect method to jump through the servlet. The purpose of this is to make the request received by the target website come from HTTPS, and the referer information of HTTPS is not transmitted.

After the above two steps, IE has been able to access the page normally, but Firefox still can not, although it does not put HTTPS address in referer, but it will request https the address in the inside, resulting in the request is still blocked by the target site. In this case for Firefox, you can modify the value of the configuration item Network.websocket.allowInsecureFromHTTPS to false evasion by About:config.

With the above settings, you can skip referer interception at the target site.

　　

Reference URL:

http://segmentfault.com/q/1010000000123441

Http://evilcos.me/?p=46

Java Implementation skips site Referer check