前一段时间做了模拟Http请求,那么我们应该怎么做可以阻止用户模拟Http请求了,在这里推荐一个方法:就是访问时间差和访问次数。我们把数据访问的IP存放到数据库,以便我们以后查看。
首先建立数据表和存储过程
CREATE TABLE [dbo].[IPAccess](
[IP] [varchar](50) COLLATE Chinese_PRC_CI_AS NOT NULL,
[Times] [bigint] NULL,
[State] [bit] NULL,
[LastDataTime] [datetime] NULL,
CONSTRAINT [PK_IPAccess] PRIMARY KEY CLUSTERED
(
[IP] ASC
)WITH (IGNORE_DUP_KEY = OFF) ON [PRIMARY]
) ON [PRIMARY]
CREATE PROC GetIpState
(
@IP VARCHAR(50) ,
@TimeCount INT ,
@State BIT OUTPUT
)
AS
BEGIN
DECLARE @count BIGINT
SELECT @count = COUNT(0)
FROM dbo.IPAccess
WHERE IP = @IP
IF ( @count IS NULL
OR @count = 0
)
BEGIN
SET @State = 1 ;
INSERT dbo.IPAccess
( IP, Times, State, LastDataTime )
VALUES ( @IP, 1, -- Times - bigint
@State, -- States - bit
GETDATE() -- LastDataTime - nchar(10)
)
END
ELSE
BEGIN
DECLARE @lastTime DATETIME
DECLARE @times BIGINT
SELECT @State = STATE ,
@lastTime = LastDataTime ,
@times = Times
FROM dbo.IPAccess
WHERE IP = @IP
DECLARE @timeNow DATETIME
SET @timeNow = GETDATE()
IF ( DATEDIFF(mi, @lastTime, @timeNow) < 1 )
BEGIN
IF ( @times <= @TimeCount )
BEGIN
SET @State = 1 ;
UPDATE dbo.IPAccess
SET State = @State ,
LastDataTime = @timeNow ,
Times = Times + 1
WHERE IP = @IP
END
ELSE
BEGIN
SET @State = 0 ;
UPDATE dbo.IPAccess
SET State = @State
WHERE IP = @IP
END
END
ELSE
BEGIN
SET @State = 1 ;
UPDATE dbo.IPAccess
SET State = @State ,
LastDataTime = @timeNow ,
Times = Times + 1
WHERE IP = @IP
END
END
SELECT @State
END
为了让程序灵活一点 我们采用写配置文件的方式
<!-- 防止爬网 每个分钟指定的Ip访问次数-->
<add key="TimesCount" value ="60"/>
<add key="IsEnanle" value ="true"/> <!--是否启用Ip限制-->
数据访问层
public static bool GetIPAccess(string Ip,int timesCount)
{
Database database = DatabaseFactory.CreateDatabase();
DBCommandWrapper queryCommand = database.GetStoredProcCommandWrapper("GetIpState");
queryCommand.AddInParameter("@IP", DbType.String, Ip);
queryCommand.AddInParameter("@TimeCount", DbType.Int16, timesCount);
bool state = false;
queryCommand.AddOutParameter("@State", DbType.Boolean, sizeof(bool));
int result = database.ExecuteNonQuery(queryCommand);
state = Convert.ToBoolean(queryCommand.GetParameterValue("@State"));
return state;
}
数据管理层
public static bool GetIPAccess(string Ip)
{
string strEnable = ConfigurationManager.AppSettings["IsEnanle"];
if (Utilities.IsNullOrEmpty(strEnable) )
return true;
bool isEnable = false;
bool.TryParse(strEnable, out isEnable);
if (isEnable)
{
int timesCount = Convert.ToInt32(ConfigurationManager.AppSettings["TimesCount"]);
return UserAccess.GetIPAccess(Ip, timesCount);
}
return true;
}
在Global中调用
protected void Application_BeginRequest(object sender, EventArgs e)
{
string result = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
if (null == result || String.Empty == result)
{
result = HttpContext.Current.Request.UserHostAddress;
}
string strulr = HttpContext.Current.Request.Url.AbsoluteUri.ToLower();
if(strulr.Contains(".aspx"))
{
bool canAccess = UserManager.GetIPAccess(result);
if (!canAccess)
{
Response.Clear();
Response.Write("<center><h1 style=/"color:Red/">该IP暂时不能访问该系统</h1></center>");
this.CompleteRequest();
}
}
}
就可以了哈哈
Asp.net 防止模拟Http请求
最新推荐文章于 2024-08-04 22:35:07 发布