- Rongsen.Com.Cn 版权所有 2008-2010 京ICP备08007000号 京公海网安备11010802026356号 朝阳网安编号:110105199号
- 北京黑客防线网安工作室-黑客防线网安服务器维护基地为您提供专业的
服务器维护
,企业网站维护
,网站维护
服务 - (建议采用1024×768分辨率,以达到最佳视觉效果) Powered by 黑客防线网安 ©2009-2010 www.rongsen.com.cn
如何禁止CSSJS等文件被下载
作者:黑客防线网安网站维护基地 来源:黑客防线网安 浏览次数:0 |
黑客防线网安网讯:我们用FSO来读取文件之前,判断querystring的值是否和session的值想符合,不相符合就不读取文件.如果相符合就读出css文件发送到客户端.然后将session清空.
我们用FSO来读取文件之前,判断querystring的值是否和session的值想符合,不相符合就不读取文件.如果相符合就读出css文件发送到客户端.然后将session清空.
代码如下:
显示文件showfile.asp
<%
if session("css")="" then
session("css")=session.sessionid
end if
if request("sss")<>session("css") then
response.write "非法链接!"
response.end
end if
session("css")="" '关键是这里,将CSS文件显示后,立即将session清空,也可以采用session.abandon方法,但是那将把所有的session都清空了
FileName=server.MapPath("css.css")
Set fso=Server.CreateObject("Scripting.FileSystemObject")
if fso.fileexists(FileName)=false then
FileName=server.MapPath("images/fileerror.gif")
flsize=16384
'flname=FileName
else
Set fl=fso.getfile(FileName)
flsize=fl.size
'flname=fl.name
Set fl=Nothing
end if
Set fso=Nothing
'response.write filename
'response.end
Response.Clear
dim UpFileExt,CType
UpFileExt=lcase(right(FileName,4))
flname="webstudio" & UpFileExt
Select Case UpFileExt
Case ".asf",".avi",".mpg","mpeg",".mov",".3gp",".wmv"
CType = "video/*"
Case ".wma"
CType="audio/x-ms-wma"
Case ".wav",".mp3"
CType = "audio/*"
Case ".bmp"
CType="application/x-bmp"
Case ".png"
CType="application/x-png"
Case ".gif",".jpg","jpeg"
CType = "image/*"
Case ".doc"
CType = "application/msword"
Case ".exe"
CType = "application/x-msdownload "
Case ".pdf"
CType = "application/pdf"
'Case "rmvb"
'CType="application/vnd.rn-realmedia-vbr"
Case ".zip"
CType = "application/zip"
Case ".xls"
CType = "application/vnd.ms-excel"
Case ".ppt"
CType = "application/vnd.ms-powerpoint"
Case ".mdb"
CType = "application/x-msaccess"
Case ".rtf"
CType = "application/rtf"
Case ".htm", "html"
CType = "text/html"
Case ".txt"
CType = "text/plain"
Case Else
CType = "application/octet-stream"
End Select
Response.AddHeader "content-disposition","attachment; filename=" & flname
Response.AddHeader "Content-Length",flsize
Response.Charset = "UTF-8"
Response.ContentType=CType
Set Stream = server.CreateObject("ADODB.Stream")
Stream.Type = 1'adTypeBinary
Stream.Open
Stream.LoadFromFile FileName
While Not Stream.EOS
Response.BinaryWrite Stream.Read()
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
前台调用:
<link rel="stylesheet" type="text/css" href="showfile.asp?sss=<%=session.SessionID%>" />
前台将参数sss传递给showfile.asp,showfile.asp通过判断sss是否与session("css")相一致来决定是否将css文件传递给客户端.
我测试了一下,OK
黑客防线网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show-4503-1.html
新闻栏目
| 我要申请本站:N点 | 黑客防线官网 | |
| 专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。黑客防线网安服务器维护基地招商进行中!QQ:29769479 |