The main purpose of setting up a firewall for web pages is to provide different services to different visitors based on the content of the web page. With Java Script or VB Script, we can easily do this. However, the source code of the web page can be seen in the client's browser, and visitors can view the user authentication method used, which is just a surface firewall. ASP is the middle layer of the client/server structure on the web. Although it is written in scripting languages (Java Script, VB Script, etc.), the program code runs on the server, and only dynamic HTML files output by the ASP can be seen on the client. , but ASP still has certain vulnerabilities, and you can also see the source code of the ASP program by taking certain measures. At this time, through the combination of ASP and SQL Server, we can design simple, efficient and reliable applications. The following is a brief introduction to its establishment process.
1. Create Login
Create a visitor's Login and Password on SQL Server.
2. Create a database DSN on the network server
Use the ODBC Data Source Manager in Control Panel to create the ODBC data resource name, DSN, for a database, so that you can use the database DSN to connect to the specific database in the future.
ODBC Data Source Manager provides three types of DSNs, namely user DSN, system DSN and file DSN. Among them, the user DSN will save the corresponding configuration information in the Windows registry, but only the logged-in users who create the DSN are allowed to use it. The system DSN also saves relevant configuration information in the system registry, but unlike the user DSN, the system DSN allows all users who log in to the server to use it.
Unlike the above two database DSNs, the file DSN stores the specific configuration information in a specific file on the hard disk. File DSN is allowed to be used by all users who log in to the server, and can provide access to the database DSN even without any user login. In addition, because the file DSN is saved in the hard disk file, it can be easily copied to other machines. In this way, users can use the DSN created on other machines without making any changes to the system registry.
Among the above three database DSNs, it is recommended that users choose system DSN or file DSN. If users prefer the portability of file DSN, they can obtain higher security guarantees by setting file access rights under the NT system.
To create a new DSN, the user first selects Add, and then selects the type of database that the user will establish the connection in the pop-up window and selects the SQL Server entry in the list. If the user is creating a file DSN, click the Next button and enter the file name and save path of the file DSN you want to create in the subsequent dialog box. If the user has established a system DSN, click the Finish button.
After selecting the database, the user needs to set the database DSN. Users need to select the specific server that provides database services, set the login username and password, and the database the user will connect to.
III. Programming
What you want to implement below is the function of a simple page firewall. This page only restricts users of the intranet of this unit to access (assuming that the IP address of the intranet is from 10.61.96. to 10.65.97.). If it is an external user of the unit to access it, it is required to enter the access user. Name and password. Here you want to use the ServerVariables property of the request object, and use it to obtain the value of the environment variable.
The program source code (firewall.asp) is as follows:
| <html> <head> <meta http-equiv=Content-Type content=text/html; charset=gb_2312-80> <meta name=GENERATOR content=Microsoft FrontPage Express 2.0> <title>firewall.asp</title> </head> <body background=#800080 > <% 'Use Request.ServerVariables(REMOTE_ADDR) to get the IP address and save it in the variable remoteip remoteip=Request.ServerVariables(REMOTE_ADDR) Stip=cstr(remoteip) Get the value of the third segment of the IP address and save it to the stip for i=1 to 2 Stip=right(stip,len(stip)-instr(1,stip,.))) next Stip=left(stip,instr(1,stip,.)-1) 'IP address validity verification and password verification, including two aspects: if the IP address meets the requirements, pass the verification; if the IP address does not meet the requirements, check whether the entered username and password are correct. if (left(remoteip,5) <> 10.61 or stamp<96 or stamp>97) then username=request.form(t1) password=request.form(t2) Set fs = CreateObject(Scripting.FileSystemObject) Set thisfile = fs.OpenTextFile(dsn.txt) db_loc=thisfile.readline thisfile.close cnstr=db_loc&&uid=&&username&&;&pid=&password on error resume next set cn=server.createobject(adodb.connection) cn.open cnstr if err=3709 then %> <p><font color=#FF0000> Sorry, user: <%=username%> No access permission, or the password is incorrect! <BR></font></p> <form method=POST> <p align=center>User name: <input type=text name=T1 size=20> Password: <input type=password name=T2 size=20><input type=submit value=Submit name=B1><input type =reset value=Rewrite all name=B2> </p> </form> <%end if cn.close set cn=nothing%> <%else %> Congratulations, you have passed the verification and can directly use the resources of this site! <%end if%> </body> </html> |
After slightly modifying the above information such as IP address, the program can be run.
Of course, the above is just a firewall function implemented in one page. If a website has multiple pages, you can set a session variable to mark the user and make judgments in the following pages.