Setting up hotlink protection in an nginx cluster
The filter that implements hotlink protection
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // The Referer header is supplied by the client
        String referer = req.getHeader("referer");
        // Pass the request on only when the Referer starts with this site's own page prefix
        if (null != referer && referer.trim().startsWith("http://localhost:8080/baidu")) {
            System.out.println("正常页面请求"); // normal page request
            chain.doFilter(req, resp);
        } else {
            System.out.println("盗链"); // hotlinking
            req.getRequestDispatcher("/html/error.html").forward(req, resp);
        }
    }
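The core of it is really just this one line: String referer = req.getHeader("referer");
Now let's look at the ways this hotlink protection gets bypassed
Using an iframe
Using code to add a Referer to the request header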
    def getHttpFile(address, filename) {
        def f = new File(filename)
        // Skip the download if the file already exists
        if (f.exists()) {
            return
        }
        def file = new FileOutputStream(filename)
        def out = new BufferedOutputStream(file)
        println 'Download file: ' + filename
        def url = new URL(address)
        def urlConn = url.openConnection()
        urlConn.setRequestProperty('Referer', 'xxxxxx') // xxx is the target site to access
        urlConn.connect()
        out << urlConn.getInputStream()
        println 'Download over: ' + filename
        out.close()
    }
All of these work by manipulating the header
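Because the Referer is whatever the client chooses to send, a check the client cannot forge is a link signed by the server with an expiry time. The following is an added example, not code from the original post: a hypothetical HotlinkToken class whose verify() would take the place of the Referer comparison in the filter. The class name, the expires and sig parameter names, the demo key and the sample paths are all assumptions; in a cluster every node would share the same key, so any node can verify a link without shared state.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: HotlinkToken and every name in it are hypothetical.
public class HotlinkToken {
    private final byte[] key;

    public HotlinkToken(byte[] key) { this.key = key.clone(); }

    // HMAC-SHA256 over "path\nexpires", encoded as URL-safe Base64 without padding.
    private String mac(String path, long expires) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = m.doFinal((path + "\n" + expires).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Called while rendering a page: returns the resource link to embed.
    public String sign(String path, long expiresEpochSec) throws Exception {
        return path + "?expires=" + expiresEpochSec + "&sig=" + mac(path, expiresEpochSec);
    }

    // Called in the filter: true only for an unexpired link this server signed.
    public boolean verify(String path, String expiresParam, String sig, long nowEpochSec)
            throws Exception {
        if (expiresParam == null || sig == null) return false;
        long expires;
        try {
            expires = Long.parseLong(expiresParam);
        } catch (NumberFormatException e) {
            return false; // malformed expiry is rejected, not treated as "no expiry"
        }
        if (nowEpochSec > expires) return false;
        byte[] expected = mac(path, expires).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison so the signature cannot be guessed byte by byte
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        HotlinkToken t = new HotlinkToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = 1_700_000_000L; // constructed timestamp
        String exp = String.valueOf(now + 300);
        String link = t.sign("/img/a.png", now + 300);
        String sig = link.substring(link.indexOf("&sig=") + 5);
        System.out.println(link);
        System.out.println(t.verify("/img/a.png", exp, sig, now));       // valid link
        System.out.println(t.verify("/img/b.png", exp, sig, now));       // signature reused on another path
        System.out.println(t.verify("/img/a.png", exp, sig, now + 301)); // expired link
    }
}
```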