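If we know the actual path of a static file and the server has no special restrictions configured, we can download it with no effort at all. When a site offers windows.pdf for download, how can we keep the person downloading it from learning its actual path? This article shows how to use ASP to hide a file's real download path.
When managing a site's files, we can put files with the same extension in one directory and give that directory an unusual name, for example the_pdf_file_s for PDF files. Save the code below as down.asp; appending ?FileName=windows.pdf to its URL on the site then downloads the file, and the person downloading it cannot see the file's actual path. In down.asp we can also require a login before a download and check whether the referring page belongs to an external site, which prevents the files from being hotlinked.
Sample code: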
<%
From_url = Cstr(Request.ServerVariables("HTTP_REFERER"))
Serv_url = Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(From_url, 8, len(Serv_url)) <> Serv_url then ' position 8 = first character after "http://"
    response.write "非法链接!" ' "Illegal link!" - prevents hotlinking
    response.end
end if
if Request.Cookies("Logined") = "" then
    response.redirect "/login.asp" ' login required
end if
Function GetFileName(longname) ' /folder/folder/file.asp => file.asp
    while instr(longname, "/")
        longname = right(longname, len(longname) - 1)
    wend
    GetFileName = longname
End Function
Dim Stream
Dim Contents
Dim FileName
Dim TrueFileName
Dim FileExt
Const adTypeBinary = 1
FileName = Request.QueryString("FileName")
if FileName = "" Then
    Response.Write "无效文件名!" ' "Invalid file name!"
    Response.End
End if
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
select Case UCase(FileExt)
    Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
        Response.Write "非法操作!" ' "Illegal operation!"
        Response.End
End select
Response.Clear
if lcase(right(FileName, 3)) = "gif" or lcase(right(FileName, 3)) = "jpg" or lcase(right(FileName, 3)) = "png" then
    Response.ContentType = "image/*" ' no download dialog for image files
else
    Response.ContentType = "application/ms-download"
end if
Response.AddHeader "content-disposition", "attachment; filename=" & GetFileName(Request.QueryString("FileName"))
Set Stream = server.createObject("ADODB.Stream")
Stream.Type = adTypeBinary
Stream.Open
if lcase(right(FileName, 3)) = "pdf" then ' directory for PDF files
    TrueFileName = "/the_pdf_file_s/" & FileName
end if
if lcase(right(FileName, 3)) = "doc" then ' directory for DOC files
    TrueFileName = "/my_D_O_C_file/" & FileName
end if
if lcase(right(FileName, 3)) = "gif" or lcase(right(FileName, 3)) = "jpg" or lcase(right(FileName, 3)) = "png" then
    TrueFileName = "/all_images_/" & FileName ' directory for image files
end if
Stream.LoadFromFile Server.MapPath(TrueFileName)
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64) ' send the file in 64 KB chunks
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
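The file name and Referer checks of down.asp in a stricter form, as an added example that is not part of the original article: the script above compares the Referer by prefix at a fixed offset and filters file types with a deny-list, so this version resolves the name through an allow-list of characters and extensions and compares the Referer host exactly. ResolveDownload, SameSiteReferer, SAFE_CHARS and the 100-character limit are assumptions of this example; the directory names are the ones used in down.asp.

```vbscript
<%
' Added example, not the page's code. Directory names are taken from down.asp.
Const SAFE_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-."

' Returns the virtual path for an acceptable file name, or "" to refuse it.
Function ResolveDownload(ByVal name)
    Dim dirs, ext, i
    ResolveDownload = ""
    Set dirs = CreateObject("Scripting.Dictionary")
    dirs.Add "pdf", "/the_pdf_file_s/"
    dirs.Add "doc", "/my_D_O_C_file/"
    dirs.Add "gif", "/all_images_/"
    dirs.Add "jpg", "/all_images_/"
    dirs.Add "png", "/all_images_/"
    If Len(name) = 0 Or Len(name) > 100 Then Exit Function  ' assumed length limit
    ' Character allow-list (binary compare): drops "/", "\", ":", "%", spaces, NUL.
    For i = 1 To Len(name)
        If InStr(SAFE_CHARS, Mid(name, i, 1)) = 0 Then Exit Function
    Next
    ' No parent references, hidden names or trailing dot (Windows strips it).
    If InStr(name, "..") > 0 Or Left(name, 1) = "." Or Right(name, 1) = "." Then Exit Function
    If InStr(name, ".") = 0 Then Exit Function
    ext = LCase(Mid(name, InStrRev(name, ".") + 1))
    If dirs.Exists(ext) Then ResolveDownload = dirs(ext) & name  ' allow-list of types
End Function

' True only if the Referer host equals the server name exactly (http or https).
Function SameSiteReferer(ByVal referer, ByVal serverName)
    Dim p, host
    SameSiteReferer = False
    p = InStr(referer, "://")
    If p = 0 Then Exit Function
    host = Mid(referer, p + 3)
    If InStr(host, "/") > 0 Then host = Left(host, InStr(host, "/") - 1)
    If InStr(host, ":") > 0 Then host = Left(host, InStr(host, ":") - 1)
    SameSiteReferer = (LCase(host) = LCase(serverName))
End Function

Dim target
target = ResolveDownload(CStr(Request.QueryString("FileName")))
If target = "" Or Not SameSiteReferer(CStr(Request.ServerVariables("HTTP_REFERER")), _
                                       CStr(Request.ServerVariables("SERVER_NAME"))) Then
    Response.Status = "403 Forbidden"
    Response.End
End If
' target now points inside one of the three storage directories only.
%>
```

The Referer header is supplied by the client, so this check only discourages hotlinking from other pages; the login check is what actually restricts who can download.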