严格过滤httprequest

13 篇文章 0 订阅
protected void Application_BeginRequest(Object sender, EventArgs e)
        {
           
// SQL防注入
            string Sql_1 = " exec|insert+|select+|delete|update|count|chr|mid|master+|truncate|char|declare|drop+|drop+table|creat+|creat+table " ;
           
string Sql_2 = " exec+|insert+|delete+|update+|count(|count+|chr+|+mid(|+mid+|+master+|truncate+|char+|+char(|declare+|drop+|creat+|drop+table|creat+table " ;
           
string [] sql_c = Sql_1.Split( ' | ' );
           
string [] sql_c1 = Sql_2.Split( ' | ' );
  
           
if (Request.QueryString != null )
            {
               
foreach ( string sl in sql_c)
                {
                   
if (Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >= 0 )
                    {
                        Response.Write(
" 警告!你的IP已经被记录! " ); // 吓唬人的
                        Response.Write(sl);
                        Response.Write(Request.QueryString.ToString());
                       
// System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.F
                       
// orms.MessageBoxButtons.OK,System.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
                       
// Response.Redirect(" http://www.163.com ");
                        Response.End();
                       
break ;
                    }
                }
            }
  
           
if (Request.Form.Count > 0 )
            {
   
               
string s1 = Request.ServerVariables[ " SERVER_NAME " ].Trim(); // 服务器名称
                if (Request.ServerVariables[ " HTTP_REFERER " ] != null )
                {
                   
string s2 = Request.ServerVariables[ " HTTP_REFERER " ].Trim(); // http接收的名称
                    string s3 = "" ;
                   
if (s1.Length > (s2.Length - 7 ))
                    {
                        s3
= s2.Substring( 7 );
                    }
                   
else
                    {
                        s3
= s2.Substring( 7 ,s1.Length);
                    }
                   
if (s3 != s1)
                    {
                        Response.Write(
" 你的IP已被记录!警告! " ); // 吓人的
                       
// System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.Forms.MessageBoxButtons.OK,Sy
                       
// stem.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
                       
// Response.Redirect(" http://www.163.com ");
                        Response.End();
                    }
                }
            }
        }
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值