实验:通过referer信息防盗链:
原理图:
例子:通过实例实现防盗链
1.建立一个访问的servlet-->FengJieServlet:
package cn.itheima.request;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class FengJieServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String refer = request.getHeader("Referer");
if(refer==null||"".equals(refer)||!refer.startsWith("http://localhost"))
{
response.sendRedirect(request.getContextPath()+"/index.html");
return;
}
response.setContentType("text/html;charset=utf-8");
response.getWriter().write("我在黑马的记忆录....收货了很多很多");
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
2.在host为localhost下建立一个html文件命名为index.html.在其中有一个超链接可以点击转到FengJieServlet....(这个FengJieServlet是localhost的专有。为了防止其他网站盗用链接,因此,使用了防盗链的技术,下面试核心代码,根绝referer头判断host....然后拦截...)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>index.html</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
</head>
<body>
<a href="/day04/servlet/FengJieServlet">凤姐的回忆录</a>
</body>
</html>
3.为了盗用localhost的信息,我们在tomcat建立虚拟目录...www.361.com虚拟目录
修改tomcat-->>conf-->server.xml文件,添加如下代码:
<Host name="www.361.com" appBase="E:\test"></Host>
4.在E:\test建立ROOT文件夹,然后再ROOT文件夹中建立index.html.也指向了localhost虚拟主机下的FengJieServlet
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>index.html</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
</head>
<body>
<a href="http://localhost:8080/day04/servlet/FengJieServlet">凤姐的回忆录</a>
</body>
</html>
我们进行访问:如果是localhost进行访问,不进行连接,如果是www.361.com的host就进行拦截,拦截之后重定向localhost的主页、
点击www.361.com的超链接:我们发现他被拦截了....重定向到了localhost