凤姐艺妓录&防盗链

实验:通过referer信息防盗链:

原理图:


例子:通过实例实现防盗链

1.建立一个访问的servlet-->FengJieServlet:

package cn.itheima.request;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FengJieServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String refer = request.getHeader("Referer");
		if(refer==null||"".equals(refer)||!refer.startsWith("http://localhost"))
		{
			response.sendRedirect(request.getContextPath()+"/index.html");
			return;
		}
		response.setContentType("text/html;charset=utf-8");
		response.getWriter().write("我在黑马的记忆录....收货了很多很多");
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request, response);
	}


}
2.在host为localhost下建立一个html文件命名为index.html.在其中有一个超链接可以点击转到FengJieServlet....(这个FengJieServlet是localhost的专有。为了防止其他网站盗用链接,因此,使用了防盗链的技术,下面试核心代码,根绝referer头判断host....然后拦截...)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>index.html</title>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">   
    <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->

  </head>
<body>
   <a href="/day04/servlet/FengJieServlet">凤姐的回忆录</a>
</body>
</html>
3.为了盗用localhost的信息,我们在tomcat建立虚拟目录...www.361.com虚拟目录

修改tomcat-->>conf-->server.xml文件,添加如下代码:

<Host name="www.361.com" appBase="E:\test"></Host>
4.在E:\test建立ROOT文件夹,然后再ROOT文件夹中建立index.html.也指向了localhost虚拟主机下的FengJieServlet


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>index.html</title>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">   
    <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->

  </head>
<body>
   <a href="http://localhost:8080/day04/servlet/FengJieServlet">凤姐的回忆录</a>
</body>
</html>
我们进行访问:如果是localhost进行访问,不进行连接,如果是www.361.com的host就进行拦截,拦截之后重定向localhost的主页、

点击www.361.com的超链接:我们发现他被拦截了....重定向到了localhost




已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 编程工作室 设计师:CSDN官方博客 返回首页