html 禁止直接访问页面,防止直接访问节点js中的html页面

如果您正在使用Express您可以在中间件检查引用者有这样的事情，它需要你的确切目的，您应该进一步适应：

var express = require('express')

var app = express()

permittedLinker = ['localhost', '127.0.0.1']; // who can link here?

app.use(function(req, res, next) {

var i=0, notFound=1, referer=req.get('Referer');

if ((req.path==='/') || (req.path==='')) next(); // pass calls to '/' always

if (referer){

while ((i

notFound= (referer.indexOf(permittedLinker[i])===-1);

i++;

}

}

if (notFound) {

res.status(403).send('Protected area. Please enter website via www.mysite.com');

} else {

next(); // access is permitted, go to the next step in the ordinary routing

}

});

app.get('/', function(req,res){

res.send('

Hello. You are at the main page.

page 2');

});

app.get('/page2', function(req,res){

res.send('

You are at page 2

');

});

app.listen(3000); // test at http://localhost:3000

测试(与对策)

我们能否获取主页？ 是

wget http://localhost:3000/

--2014-10-10 04:01:18-- http://localhost:3000/

Resolving localhost (localhost)... 127.0.0.1

Connecting to localhost (localhost)|127.0.0.1|:3000... connected.

HTTP request sent, awaiting response...

200 OK

Length: 67 [text/html]

Saving to: ‘index.html’

我们能直接拿到第二页？ 没有

wget http://localhost:3000/page2

--2014-10-10 04:04:34-- http://localhost:3000/page2

Resolving localhost (localhost)... 127.0.0.1

Connecting to localhost (localhost)|127.0.0.1|:3000... connected.

HTTP request sent, awaiting response... 403 Forbidden

2014-10-10 04:04:34 ERROR 403: Forbidden.

我们能否从第一页获得的第二页？ 是

wget --referer="http://localhost" http://localhost:3000/page2

--2014-10-10 04:05:32-- http://localhost:3000/page2

Resolving localhost (localhost)... 127.0.0.1

Connecting to localhost (localhost)|127.0.0.1|:3000... connected.

HTTP request sent, awaiting response...

200 OK

Length: 24 [text/html]

Saving to: ‘page2’

可以在任何脚本小子学会使用wget --referer战胜这种“保护”方案？

是的。它只会阻止诚实的人。不是真的想要内容的人。