XMLHTTP and anti-theft chain

xml| anti-theft Chain

We can use XMLHTTP to read the file information, and then transfer to the client, so that we can hide the real address of the file. Thus playing a little bit to prevent the hotlinking function.

In this file, we can use many methods to determine the user identity, including the source of the Url,cookie data, even IP flags.

<%@ codepage=65001%>

<%

Response.buffer=false

Re_url = Lcase (Request.ServerVariables ("Http_referer"))

' Get the URL of the source page

MyDomain = Lcase (Request.ServerVariables ("SERVER_NAME"))

' Get the domain name of this page can also be specified directly

If Mid (Re_url,8,len (mydoain)) <> Mydomian Then

Response.Write "URL Wrong"

' or redirect

Response.End ()

End If

%>

Niceidea signed a souvenir.

This is the most used to prevent the Hotlinking method, check whether the linked page is a foreigner, if it is external link, refuse to download.

The safer way to do this is to use cookies to verify that the address is the same as when you click on an ad in the usual way.

The best way is to install an anti-theft chain software, ASP script comparison is based on IIS. <%

Dim file_url,objxmlhttp

File_url= "Http://localhost/11.rar"

' We can read the software from the database

Set objxmlhttp = Server.CreateObject ("Msxml2.serverxmlhttp")

Objxmlhttp.open "Get", File_url,false

Objxmlhttp.send () If objxmlhttp.status<> "Then"

Response.Write ("File missing. ")

Else

Response.ContentType = "Application/octet-stream"

Response.AddHeader "Content-disposition", "attachment"; Filename= "&" 11.rar "

Response.BinaryWrite Objxmlhttp.responsebody

End IFSet Obixmlhttp=nothing

Response.End ()

%> This approach has obvious drawbacks, it needs to exchange data within the server, which increases the burden on the server, similar to the opening of a temporary agent; it's best to set the response buffer property to False. iis6.0 's ASP cache size is 4m, large files or multiple file buffers are easy to make the server a machine.

But its advantage is to prevent hotlinking, because there is no information about the real address sent to the final client.

A more efficient way to use is to solve some of the site's image anti-theft chain function.

For example, NetEase albums, there is the ability to prevent Cross-domain hotlinking.

The following file:

and write another getimg.asp.

<%

Response.buffer=true

Dim File_url

File_url=request.querystring ("Imgsrc")

Set objxmlhttp = Server.CreateObject ("Msxml2.serverxmlhttp")

Objxmlhttp.open "Get", File_url,false

Objxmlhttp.send ()

Response.ContentType = "IMAGE/JEPG"

Response.BinaryWrite Objxmlhttp.responsebody

Set objxmlhttp=nothing

%>

You will find that the first picture is an X and the second one is normal.

In the use of getimg.asp, pay attention to your IIS installed anti-theft chain software, it is best not to let others hotlinking.