Hotlink protection and download protection in ASP

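If we know the real path of a static file, for example http://www.xx.com/download/51windows.pdf, and the server applies no special restrictions, we can download it without any effort! When a site offers 51windows.pdf for download, how can it keep the downloader from learning the file's real path? This article shows how to use ASP to hide the real download path of a file.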

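When managing a site's files, we can put files with the same extension in one directory and give that directory an unusual name, for example the_pdf_file_s for PDF files. Save the code below as down.asp, so that its URL is http://www.xx.com/down.asp. The file can then be downloaded through http://www.xx.com/down.asp?FileName=51windows.pdf, and the downloader cannot see its real download path! In down.asp we can also decide whether a download requires login and check whether the referring page belongs to an external site, which prevents the file from being hotlinked.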

Sample code:
<%
' Hotlink protection: the referring page must be on this server.
' The host is compared from character 8 onward, i.e. after "http://".
From_url = CStr(Request.ServerVariables("HTTP_REFERER"))
Serv_url = CStr(Request.ServerVariables("SERVER_NAME"))
If Mid(From_url, 8, Len(Serv_url)) <> Serv_url Then
    Response.Write "非法链接!"   ' block hotlinking
    Response.End
End If

If Request.Cookies("Logined") = "" Then
    Response.Redirect "/login.asp"   ' login required
End If

Function GetFileName(longname)   ' /folder1/folder2/file.asp => file.asp
    While InStr(longname, "/")
        longname = Right(longname, Len(longname) - 1)
    Wend
    GetFileName = longname
End Function

Dim Stream
Dim Contents
Dim FileName
Dim TrueFileName
Dim FileExt
Const adTypeBinary = 1

FileName = Request.QueryString("FileName")
If FileName = "" Then
    Response.Write "无效文件名!"
    Response.End
End If
' Added check: refuse names that could step outside the download directories.
If InStr(FileName, "..") > 0 Or InStr(FileName, "\") > 0 Then
    Response.Write "无效文件名!"
    Response.End
End If

' Never serve script or database files.
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
Select Case UCase(FileExt)
    Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
        Response.Write "非法操作!"
        Response.End
End Select

Response.Clear
If LCase(Right(FileName, 3)) = "gif" Or LCase(Right(FileName, 3)) = "jpg" Or LCase(Right(FileName, 3)) = "png" Then
    Response.ContentType = "image/*"   ' no download dialog for image files
Else
    Response.ContentType = "application/ms-download"
End If
Response.AddHeader "content-disposition", "attachment; filename=" & GetFileName(Request.QueryString("FileName"))

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Type = adTypeBinary
Stream.Open
If LCase(Right(FileName, 3)) = "pdf" Then   ' directory for PDF files
    TrueFileName = "/the_pdf_file_s/" & FileName
End If
If LCase(Right(FileName, 3)) = "doc" Then   ' directory for DOC files
    TrueFileName = "/my_D_O_C_file/" & FileName
End If
If LCase(Right(FileName, 3)) = "gif" Or LCase(Right(FileName, 3)) = "jpg" Or LCase(Right(FileName, 3)) = "png" Then
    TrueFileName = "/all_images_/" & FileName   ' directory for image files
End If

' Send the file to the client in 64 KB chunks.
Stream.LoadFromFile Server.MapPath(TrueFileName)
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64)
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
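
An added example, not part of the original article: a stricter form of the two checks down.asp relies on, written as plain VBScript functions. It compares the Referer's host with the server name exactly, for http and https alike, and resolves the real path only through an extension-to-directory allowlist after accepting a bare file name. The function names and the file-name pattern are assumptions, and the inputs at the end are constructed.

```vbscript
Option Explicit

' Host of an absolute http/https URL in lower case, or "" if it cannot be read.
Function UrlHost(url)
    Dim p, rest, i, auth
    UrlHost = ""
    p = InStr(url, "://")
    If p = 0 Then Exit Function
    If LCase(Left(url, p - 1)) <> "http" And LCase(Left(url, p - 1)) <> "https" Then Exit Function
    rest = Mid(url, p + 3)
    For i = 1 To Len(rest)                       ' authority ends at / ? or #
        If InStr("/?#", Mid(rest, i, 1)) > 0 Then Exit For
    Next
    auth = Left(rest, i - 1)
    If InStr(auth, "@") > 0 Then Exit Function   ' refuse user-info forms
    p = InStr(auth, ":")
    If p > 0 Then auth = Left(auth, p - 1)       ' drop the port
    UrlHost = LCase(auth)
End Function

' True only when the Referer's host is exactly this server's name.
Function SameSiteReferer(referer, serverName)
    Dim h
    h = UrlHost(referer)
    SameSiteReferer = (h <> "" And h = LCase(serverName))
End Function

' Virtual path for a requested name, or "" to refuse the request.
Function ResolveDownload(fileName)
    Dim dirs, re, ext
    ResolveDownload = ""
    Set dirs = CreateObject("Scripting.Dictionary")   ' extension allowlist
    dirs.Add "pdf", "/the_pdf_file_s/"
    dirs.Add "doc", "/my_D_O_C_file/"
    dirs.Add "gif", "/all_images_/"
    dirs.Add "jpg", "/all_images_/"
    dirs.Add "png", "/all_images_/"
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$"     ' assumed naming rule: bare name, one dot
    If Not re.Test(fileName) Then Exit Function
    ext = LCase(Mid(fileName, InStrRev(fileName, ".") + 1))
    If dirs.Exists(ext) Then ResolveDownload = dirs(ext) & fileName
End Function

' Constructed sample inputs for cscript.exe; down.asp would pass its request values.
WScript.Echo CStr(SameSiteReferer("https://www.xx.com/list.asp", "www.xx.com"))
WScript.Echo CStr(SameSiteReferer("http://www.xx.com.other.example/a", "www.xx.com"))
WScript.Echo ResolveDownload("51windows.pdf")
WScript.Echo "[" & ResolveDownload("../down.asp") & "]"
```

The Referer header is supplied by the client, so this check discourages casual hotlinking only; the login check is what actually restricts access to the files.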
