Re: ASP.NET 防盗链源码-CSDN博客

/**/ /*

* 防盗链IHttpHandler

* 增加了对文件关键字的选择(即仅对文件名存在某些关键字或不存在某些关键字进行过滤)

* 设置web.config中<appSettings>节以下值

* string eWebapp_NoLink 如果文件名符合该正确表态式将进行过滤(不设置对所有进行过滤)

* string eWebapp_AllowLink 如果文件名符合该正确表态式将不进行过滤(优先权高于AllowLink,不设置则服从AllowLink)

* bool eWebapp_ AllowOnlyFile 如果为False,(默认true)则不允许用户直接对该文件进行访问建议为true

* :)以下设置均可省略,设置只是为了增加灵活性与体验

* eWebapp_NoLink_Message 错误信息提示:默认为Link From:域名

* eWebapp_Error_Width 错误信息提示图片宽

* eWebapp_Error_Height 错误信息提示图片高

* 2005-9-11 创建

* http://ewebapp.net

using System;

using System.Web;

using System.Drawing;

using System.Drawing.Imaging;

using System.IO;

using System.Configuration;

using System.Text.RegularExpressions;

namespace eWebapp

{

/**//// <summary>

/// 防盗链IHttpHandler

/// 参考http://www.softat.org/archiver/tid-52114.html

/// 垃圾猪 2005-9-12 修正

/// </summary>

public class NoLink : IHttpHandler

{

private string eWebapp_NoLink = string.Empty;

private string eWebapp_AllowLink = string.Empty;

private bool eWebapp_AllowOnlyFile = true;

private string eWebapp_NoLink_Message = string.Empty;

private bool error = false;

public NoLink()

{

// TODO: 在此处添加构造函数逻辑

}

public void ProcessRequest(HttpContext context)

{

eWebapp_NoLink_Message = ConfigurationSettings.AppSettings["eWebapp_NoLink_Message"];

string myDomain = string.Empty;

error = errorLink(context, out myDomain);

if (Empty(eWebapp_NoLink_Message))

{

eWebapp_NoLink_Message = "Link from :" + myDomain;

}

if (error)

{

//Jpg(context.Response,eWebapp_NoLink_Message);

Jpg(context.Response, eWebapp_NoLink_Message);

}

else

{

Real(context.Response, context.Request);

}

public bool IsReusable

{

get

{

return true;

}

/**//// <summary>

/// 输出错误信息

/// </summary>

/// <param name="Response"></param>

/// <param name="_word"></param>

private void Jpg(HttpResponse Response, string _word)

{

int myErrorWidth = _word.Length * 15;

int myErrorHeight = 16;

try

{

int _myErrorWidth = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Width"]);

if (_myErrorWidth > 0)

{

myErrorWidth = _myErrorWidth;

}

catch

{

}

try

{

int _myErrorHeight = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Height"]);

if (_myErrorHeight > 0)

{

myErrorHeight = _myErrorHeight;

}

catch

{

}

Bitmap Img = null;

Graphics g = null;

MemoryStream ms = null;

Img = new Bitmap(myErrorWidth, myErrorHeight);

g = Graphics.FromImage(Img);

g.Clear(Color.White);

Font f = new Font("Arial", 9);

SolidBrush s = new SolidBrush(Color.Red);

g.DrawString(_word, f, s, 3, 3);

ms = new MemoryStream();

Img.Save(ms, ImageFormat.Jpeg);

Response.ClearContent();

Response.ContentType = "image/Gif";

Response.BinaryWrite(ms.ToArray());

g.Dispose();

Img.Dispose();

Response.End();

}

/**//// <summary>

/// 输出真实文件

/// </summary>

/// <param name="response"></param>

/// <param name="context"></param>

private void Real(HttpResponse response, HttpRequest request)

{

FileInfo file = new System.IO.FileInfo(request.PhysicalPath);

response.Clear();

response.AddHeader("Content-Disposition", "filename=" + file.Name);

response.AddHeader("Content-Length", file.Length.ToString());

string fileExtension = file.Extension.ToLower();

//这里选择输出的文件格式

//可以参考http://ewebapp.cnblogs.com/articles/234756.html增加对更多文件格式的支持.

switch (fileExtension)

{

case "mp3":

response.ContentType = "audio/mpeg3";

break;

case "mpeg":

response.ContentType = "video/mpeg";

break;

case "jpg":

response.ContentType = "image/jpeg";

break;

case "bmp":

response.ContentType = "image/bmp";

break;

case "gif":

response.ContentType = "image/gif";

break;

case "doc":

response.ContentType = "application/msword";

break;

case "css":

response.ContentType = "text/css";

break;

default:

response.ContentType = "application/octet-stream";

break;

}

response.WriteFile(file.FullName);

response.End();

}

/**//// <summary>

/// 确认字符串是否为空

/// </summary>

/// <param name="_value"></param>

/// <returns></returns>

private bool Empty(string _value)

{

if (_value == null | _value == string.Empty | _value == "")

{

return true;

}

else

{

return false;

}

/**//// <summary>

/// 检查是否是非法链接

/// </summary>

/// <param name="context"></param>

/// <param name="_myDomain"></param>

/// <returns></returns>

private bool errorLink(HttpContext context, out string _myDomain)

{

HttpResponse response = context.Response;

string myDomain = context.Request.ServerVariables["SERVER_NAME"];

_myDomain = myDomain;

string myDomainIp = context.Request.UserHostAddress;

eWebapp_NoLink = ConfigurationSettings.AppSettings["eWebapp_NoLink"];

eWebapp_AllowLink = ConfigurationSettings.AppSettings["eWebapp_AllowLink"];

try

{

eWebapp_AllowOnlyFile = Convert.ToBoolean(ConfigurationSettings.AppSettings["eWebapp_AllowOnlyFile"]);

}

catch

{

eWebapp_AllowOnlyFile = true;

}

if (context.Request.UrlReferrer != null)

{

//判定referDomain是否存在网站的IP或域名

string referDomain = context.Request.UrlReferrer.AbsoluteUri.Replace(context.Request.UrlReferrer.AbsolutePath, "");

string myPath = context.Request.RawUrl;

if (referDomain.IndexOf(myDomainIp) >= 0 | referDomain.IndexOf(myDomain) >= 0)

{

return false;

}

else

{

//这里使用正则表达对规则进行匹配

try

{

Regex myRegex;

//检查允许匹配

if (!Empty(eWebapp_AllowLink))

{

myRegex = new Regex(eWebapp_AllowLink);

if (myRegex.IsMatch(myPath))

{

return false;

}

//检查禁止匹配

if (!Empty(eWebapp_NoLink))

{

myRegex = new Regex(eWebapp_NoLink);

if (myRegex.IsMatch(myPath))

{

return true;

}

else

{

return false;

}

return true;

}

catch

{

//如果匹配出错，链接错误

return true;

}

else

{

//是否允许直接访问文件

if (eWebapp_AllowOnlyFile)

{

return false;

}

else

{

return true;

}

转载于:https://www.cnblogs.com/zhangh/archive/2007/10/23/935333.html