ASP.net图片地址防盗链,通过IHttpHandler实现

 

/** 防盗链IHttpHandler  
 * 增加了对文件关键字的选择(即仅对文件名存在某些关键字或不存在某些关键字进行过滤) 
 * 设置web.config中
<appSettings>节以下值 
 * string eWebapp_NoLink    如果文件名符合该正确表态式将进行过滤(不设置对所有进行过滤) 
 * string eWebapp_AllowLink       如果文件名符合该正确表态式将不进行过滤(优先权高于AllowLink,不设置则服从AllowLink) 
 * bool eWebapp_ AllowOnlyFile        如果为False,(默认true)则不允许用户直接对该文件进行访问建议为true 
 *  
 *  
 * 以下设置均可省略,设置只是为了增加灵活性与体验 
 * eWebapp_NoLink_Message  错误信息提示:默认为Link From:域名 
 * eWebapp_Error_Width        错误信息提示图片宽 
 * eWebapp_Error_Height        错误信息提示图片高 
 */  

 

 

using System; 
using System.Web; 
using System.Drawing; 
using System.Drawing.Imaging; 
using System.IO; 
using System.Configuration; 
using System.Text.RegularExpressions; 

namespace eWebapp 

    
/// <summary> 
    
/// 防盗链IHttpHandler 
    
/// 参考http://www.softat.org/archiver/tid-52114.html 
    
/// 
    
/// </summary> 
    public class NoLink : IHttpHandler 
    { 
        
private string eWebapp_NoLink = string.Empty; 
        
private string eWebapp_AllowLink = string.Empty; 
        
private bool eWebapp_AllowOnlyFile = true
        
private string eWebapp_NoLink_Message = string.Empty; 
        
private bool error = false

        
public NoLink() 
        { 
            
// 
            
// TODO: 在此处添加构造函数逻辑 
            
// 
        } 
        
public void ProcessRequest(HttpContext context) 
        { 
            eWebapp_NoLink_Message 
= ConfigurationSettings.AppSettings["eWebapp_NoLink_Message"];           
            
string myDomain = string.Empty; 
            error 
= errorLink(context,out myDomain);     
            
if(Empty(eWebapp_NoLink_Message))  
            { 
                eWebapp_NoLink_Message 
= "Link from :" + myDomain; 
            } 
            
if(error) 
            { 
                
//Jpg(context.Response,eWebapp_NoLink_Message); 
                Jpg(context.Response,eWebapp_NoLink_Message); 
            } 
            
else 
            { 
                 Real(context.Response,context.Request); 
            } 
        } 
        
public bool IsReusable 
        { 
            
get 

            { 
                
return true
            } 
        } 


        
/// <summary> 
        
/// 输出错误信息 
        
/// </summary> 
        
/// <param name="Response"></param> 
        
/// <param name="_word"></param> 
        private void Jpg(HttpResponse Response,string _word)  
        {
            
int myErrorWidth = _word.Length*15
            
int myErrorHeight = 16
            
try 
            { 
                
int _myErrorWidth = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Width"]); 
                
if(_myErrorWidth > 0 ) 
                { 
                    myErrorWidth 
= _myErrorWidth; 
                } 
            } 
            
catch 
            { 
            } 
            
try 
            { 
                
int _myErrorHeight = Convert.ToInt32(ConfigurationSettings.AppSettings["eWebapp_Error_Height"]); 
                
if(_myErrorHeight  > 0 ) 
                { 
                    myErrorHeight 
= _myErrorHeight; 
                } 
            } 
            
catch 
            { 
            } 
            Bitmap Img
=null
            Graphics g
=null
            MemoryStream ms
=null
            Img
=new Bitmap(myErrorWidth,myErrorHeight); 
            g
=Graphics.FromImage(Img); 
            g.Clear(Color.White); 
            Font f
=new Font("Arial",9); 
            SolidBrush s
=new SolidBrush(Color.Red); 
            g.DrawString(_word,f,s,
3,3); 
            ms
=new MemoryStream(); 
            Img.Save(ms,ImageFormat.Jpeg); 
            Response.ClearContent();  
            Response.ContentType
="image/Gif"
            Response.BinaryWrite(ms.ToArray()); 
            g.Dispose(); 
            Img.Dispose(); 
            Response.End(); 
        } 

        
/// <summary> 
        
/// 输出真实文件 
        
/// </summary> 
        
/// <param name="response"></param> 
        
/// <param name="context"></param> 
        private void Real(HttpResponse response,HttpRequest request) 
        { 
            FileInfo file 
= new System.IO.FileInfo(request.PhysicalPath); 
            response.Clear(); 
            response.AddHeader(
"Content-Disposition""filename=" + file.Name); 
            response.AddHeader(
"Content-Length", file.Length.ToString()); 
            
string fileExtension = file.Extension.ToLower(); 
            
//这里选择输出的文件格式 
            
//可以参考http://ewebapp.cnblogs.com/articles/234756.html增加对更多文件格式的支持.            
            
switch (fileExtension) 
            { 
                
case "mp3"
                    response.ContentType 
= "audio/mpeg3"
                    
break
                
case "mpeg"
                    response.ContentType 
= "video/mpeg"
                    
break
                
case "jpg"
                    response.ContentType 
= "image/jpeg"
                    
break
                
case "bmp"
                    response.ContentType 
= "image/bmp"
                    
break
                
case "gif"
                    response.ContentType 
= "image/gif"
                    
break
                
case "doc"
                    response.ContentType 
= "application/msword"
                    
break
                
case "css"
                   response.ContentType 
= "text/css"
                   
break
                
default
                   response.ContentType 
= "application/octet-stream"
                   
break
            }  
            response.WriteFile(file.FullName); 
            response.End(); 
        } 


        
/// <summary> 
        
/// 确认字符串是否为空 
        
/// </summary> 
        
/// <param name="_value"></param> 
        
/// <returns></returns> 
        private bool Empty(string _value) 
        { 
            
if(_value == null | _value == string.Empty | _value == ""
            { 
                
return true
            } 
            
else 
            { 
                
return false
            } 
        } 


        
/// <summary> 
        
/// 检查是否是非法链接 
        
/// </summary> 
        
/// <param name="context"></param> 
        
/// <param name="_myDomain"></param> 
        
/// <returns></returns> 
        private bool errorLink(HttpContext context,out string _myDomain) 
        { 
            HttpResponse response 
= context.Response; 
            
string myDomain = context.Request.ServerVariables["SERVER_NAME"]; 
            _myDomain 
= myDomain ; 
            
string myDomainIp = context.Request.UserHostAddress; 
            eWebapp_NoLink 
= ConfigurationSettings.AppSettings["eWebapp_NoLink"]; 
            eWebapp_AllowLink 
= ConfigurationSettings.AppSettings["eWebapp_AllowLink"]; 

            
try 
            { 
                eWebapp_AllowOnlyFile 
= Convert.ToBoolean(ConfigurationSettings.AppSettings["eWebapp_AllowOnlyFile"]); 
            } 
            
catch 
            { 
                eWebapp_AllowOnlyFile 
= true
            } 
            
if(context.Request.UrlReferrer != null
            {                 
                
//判定referDomain是否存在网站的IP或域名 
                string referDomain = context.Request.UrlReferrer.AbsoluteUri.Replace(context.Request.UrlReferrer.AbsolutePath,""); 
                
string myPath  = context.Request.RawUrl; 

                
if(referDomain.IndexOf(myDomainIp) >=0 | referDomain.IndexOf(myDomain)>=0
                { 
                    
return false
                } 
                
else 
                { 
                    
//这里使用正则表达对规则进行匹配 
                    try 
                    { 
                        Regex myRegex ; 

                        
//检查允许匹配 
                        if(!Empty(eWebapp_AllowLink)) 
                        {                             
                            myRegex 
= new Regex(eWebapp_AllowLink); 
                            
if(myRegex.IsMatch(myPath)) 
                            { 
                                
return false
                            } 
                        } 
                        
//检查禁止匹配 
                        if(!Empty(eWebapp_NoLink)) 
                        { 
                            myRegex 
= new Regex(eWebapp_NoLink); 
                            
if(myRegex.IsMatch(myPath)) 
                            { 
                                
return true
                            } 
                            
else 
                            { 
                                
return false
                            } 
                        } 
                        
return true
                    } 
                    
catch 
                    { 
                        
//如果匹配出错,链接错误 
                        return true
                    } 
                } 
            } 
            
else 
            { 
                
//是否允许直接访问文件 
                if(eWebapp_AllowOnlyFile) 
                { 
                    
return false
                } 
                
else 
                { 
                    
return true
                } 
            } 
        } 
    } 
}
posted @ 2008-12-27 16:08  jay-c  阅读(183)  评论(0)    收藏  举报