Home>Network programming tutorial>ASP tutorial

Use Asp to hide file paths to implement anti-theft link code

Author:Eve Cole Update Time:2025-04-24 11:00:04

Use Asp to hide file paths to realize anti-theft chain

If we know the actual path of a static file such as: http://www.xx.com/download/51windows.pdf, if the server does not have special restrictions, we can download it effortlessly! When the website provides 51windows.pdf download, how can the downloader not get his actual path! This article will introduce how to use Asp to hide the actual download path of a file.

When managing website files, we can place files with the same extension in the same directory and give a special name, for example, put the pdf file directory as the_pdf_file_s, and save the following code as down.asp. Its online path is http://www.xx.com/down.asp. We can use http://www.xx.com/down.asp?FileName=51windows.pdf to download this file, and the downloader cannot see the actual download path of this file! In down.asp, we can also set whether the downloaded file needs to be logged in and determine whether the downloaded source page is an external website, so as to prevent the file from being stolen.

Sample code:

<%

From_url=Cstr(Request.ServerVariables("HTTP_REFERER"))

Serv_url=Cstr(Request.ServerVariables("SERVER_NAME"))

ifmid(From_url,8,len(Serv_url))<>Serv_urltthen

response.write "Illegal link!"' Prevent link stealing

response.end

endif

ifRequest.Cookies("Logined")=""then

response.redirect"/login.asp"'need to log in!

endif

FunctionGetFileName(longname)'/folder1/folder2/file.asp=>file.asp

whileinstr(longname,"/")

longname=right(longname,len(longname)-1)

wend

GetFileName=longname

EndFunction

DimStream

DimContents

DimFileName

DimTrueFileName

DimFileExt

ConstadTypeBinary=1

FileName=Request.QueryString("FileName")

ifFileName=""Then

Response.Write "Invalid file name!"

Response.End

Endif

FileExt=Mid(FileName,InStrRev(FileName,".")+1)

SelectCaseUCase(FileExt)

Case"ASP","ASA","ASPX","ASAX","MDB"

Response.Write "Illegal operation!"

Response.End

EndSelect

Response.Clear

iflcase(right(FileName,3))="gif" orlcase(right(FileName,3))="jpg"orlcase(right(FileName,3))="png"then

Response.ContentType="image/*"'No download dialog box appears for image files

else

Response.ContentType="application/ms-download"

endif

Response.AddHeader"content-disposition","attachment;filename="&GetFileName(Request.QueryString("FileName"))

SetStream=server.CreateObject("ADODB.Stream")

Stream.Type=adTypeBinary

Stream.Open

iflcase(right(FileName,3))="pdf"then' Set the pdf type file directory

TrueFileName="/the_pdf_file_s/"&FileName

Related Articles