ASP.NET 2.0: preventing hotlinking

Source: Internet
Author: User

Hotlinking is when other sites post links to files on our site within their own pages, consuming our bandwidth for nothing. Hotlinking a website's resources is very unethical. To implement hotlink protection, we have to intercept the URL when IIS handles the request.

Effect:

Before adding hotlink protection: HM is my machine name. Results of accessing http://hm/myweb/default.aspx and http://localhost/myweb/default:
This is the picture that is being hotlinked.

After adding hotlink protection: although it is still the same site, http://hm/myweb/default.aspx can no longer access the flower picture, which is replaced by the following picture:

After adding hotlink protection, access via localhost is still normal: http://localhost/myweb/default gives the same result as before.

Principle:

HM is actually my own machine, but because the server's domain name is localhost, even the same site cannot access the picture under another host name, let alone sites such as www.<other site's domain>.com that steal our resources. The key is that every request is filtered to check whether it comes from our site's domain name.

All code:

Web.config
<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments, usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
        <!-- Route every *.jpg request to MyHandler (the class in App_Code) -->
        <httpHandlers>
            <add verb="*" path="*.jpg" type="MyHandler, App_Code"/>
        </httpHandlers>
        <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
        <compilation debug="true"/>
        <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
        <authentication mode="Windows"/>
        <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of an error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm"/>
            <error statusCode="404" redirect="FileNotFound.htm"/>
        </customErrors>
        -->
    </system.web>
</configuration>

MyHandler.cs (when you create the new MyHandler.cs class, the system prompts you to place it in App_Code)
using System;
using System.Web;

/// <summary>
/// Summary description of MyHandler: serves *.jpg files only when the
/// request was referred from our own domain name.
/// </summary>
public class MyHandler : IHttpHandler
{
    public MyHandler()
    {
    }

    public void ProcessRequest(HttpContext context)
    {
        // Physical path of the requested picture
        string fileName = context.Server.MapPath(context.Request.FilePath);
        // UrlReferrer is null when the request carries no Referer header
        if (context.Request.UrlReferrer == null)
        {
            context.Response.ContentType = "image/gif"; // no.gif is a GIF
            context.Response.WriteFile("~/no.gif"); // replacement picture
        }
        else
        {
            if (context.Request.UrlReferrer.Host.IndexOf("localhost") > -1) // this is your domain name
            {
                context.Response.ContentType = "image/jpeg";
                context.Response.WriteFile(fileName);
            }
            else
            {
                context.Response.ContentType = "image/gif";
                context.Response.WriteFile("~/no.gif");
            }
        }
    }

    public bool IsReusable
    {
        get { return true; }
    }
}
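
The handler above tests the referrer host with IndexOf("localhost"), which also matches hosts that merely contain that string. The following added example (not part of the original article; the class and method names and the sample Referer values are constructed for illustration) compares that test with an exact host comparison.

```csharp
using System;

// Added example, not the article's code: compares the substring test on the
// referrer host with an exact host-name comparison.
public static class ReferrerCheck
{
    // Hosts allowed to embed our pictures; "localhost" is the article's test value.
    static readonly string[] AllowedHosts = { "localhost" };

    // Substring test: true whenever "localhost" appears anywhere in the host.
    public static bool SubstringMatch(Uri referrer)
    {
        return referrer != null && referrer.Host.IndexOf("localhost") > -1;
    }

    // Exact test: the whole host name must equal an allowed entry.
    public static bool ExactMatch(Uri referrer)
    {
        if (referrer == null) return false; // no Referer: serve the placeholder
        foreach (string host in AllowedHosts)
            if (string.Equals(referrer.Host, host, StringComparison.OrdinalIgnoreCase)) return true;
        return false;
    }

    // Parses a raw Referer value; returns null if it is absent or malformed.
    public static Uri Parse(string header)
    {
        Uri uri;
        return Uri.TryCreate(header, UriKind.Absolute, out uri) ? uri : null;
    }

    public static void Main()
    {
        // Constructed sample Referer values (null = header not sent).
        string[] samples = {
            "http://localhost/myweb/default.aspx",
            "http://hm/myweb/default.aspx",
            "http://localhost.example.net/gallery.html",
            "http://example.net/localhost/page.html",
            null
        };
        foreach (string s in samples)
        {
            Uri r = Parse(s);
            Console.WriteLine("{0,-45} substring={1,-5} exact={2}",
                s ?? "(no Referer)", SubstringMatch(r), ExactMatch(r));
        }
    }
}
```

The Referer header is supplied by the client and can be absent or altered, so a check like this limits casual embedding and bandwidth use; it is not access control.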

Default.aspx
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>qingqing Moon http://blog.csdn.net/21aspnet</title>
</head>
<body>
<form id="Form1" runat="server">
<div>
</div>
</form>
</body>
</html>

http://www.pushad.com/Info/pic130.jpg

no.gif

Configuration of IIS:

In the application extension mappings, add the .jpg extension.

Note: when testing locally, context.Request.UrlReferrer.Host is localhost.
I initially thought that http://localhost/A/ and http://localhost/B/ would have different context.Request.UrlReferrer.Host values, which is a big mistake: for both http://localhost/A/ and http://localhost/B/, context.Request.UrlReferrer.Host is localhost. Testing with localhost alone therefore shows nothing, so test locally with the machine name instead (mine is HM). After the handler is in place, access via the machine name no longer works, even though it is still the same site and the same file. Please pay particular attention to this.

The following shows how to prevent RAR files from being downloaded directly from outside the site. The method is similar to the one for pictures, but here we force downloads to go through our own site.

1, first create a class library project ClassLibrary1:

using System;
using System.Web; // reference the System.Web assembly

public class MyHandler : IHttpHandler
{
    public MyHandler()
    {
    }

    #region IHttpHandler Members

    public void ProcessRequest(HttpContext context)
    {
        // Jump to WebForm1.aspx; the rar file is output by WebForm1.aspx
        HttpResponse response = context.Response;
        response.Redirect("../manage/downloads.aspx");
    }

    public bool IsReusable
    {
        get
        {
            // TODO: add MyHandler.IsReusable getter implementation
            return true;
        }
    }

    #endregion
}

2, add the following node inside the <httpHandlers> node of the Web.config file:

<add verb="*" path="*.rar" type="MyHandler, App_Code"/>

3, in WebForm1.aspx add a button with the text "Download"; its Click event handler is as follows:

Be careful not to forget using System.IO;

private void Button1_Click(object sender, System.EventArgs e)
{
    FileInfo file = new System.IO.FileInfo(Server.MapPath("1.rar"));
    Response.Clear();
    // "attachment" makes the browser save the file under the given name
    Response.AddHeader("Content-Disposition", "attachment; filename=" + file.Name);
    Response.AddHeader("Content-Length", file.Length.ToString());

    // FileInfo.Extension includes the leading dot, e.g. ".rar"
    string fileExtension = file.Extension.ToLowerInvariant();

    // Specify the MIME type of the file based on the file suffix
    switch (fileExtension)
    {
        case ".mp3":
            Response.ContentType = "audio/mpeg3";
            break;
        case ".mpeg":
            Response.ContentType = "video/mpeg";
            break;
        case ".jpg":
            Response.ContentType = "image/jpeg";
            break;
        // ... and so on for other extensions
        default:
            Response.ContentType = "application/octet-stream";
            break;
    }

    Response.WriteFile(file.FullName);
    Response.End();
}

4, the final step is to add an application extension in IIS. Go to Default Web Site -> Properties -> Home Directory -> Configuration. In the Application Configuration window that pops up, press Add. In the Add/Edit Application Extension Mapping window, select the executable C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll, enter ".rar" as the extension, and then click OK.

5, enter http://localhost/web/1.rar in IE; it immediately jumps to http://localhost/web/WebForm1.aspx, and pressing the "Download" button on WebForm1.aspx then downloads 1.rar.


