servlet版防盗链程序概念模型

早上起来躺床上不知道怎么突然想起防盗链这个事情,一个简单的概念系统该很简单,
获得浏览器的get请求以后查看http head的referer部分,里面的网址是否是本站地址就行。
这样只要做一个字符串比较就可以实现,这样可以保护链接,但是如果别人获得文件的绝对地址,这个方法恐怕就无法阻止盗链了,文件默认是由web服务器来进行处理,像apache简单设置就可以防盗链。光检查referer部分是不完善的,http head本来是由客户端提供,很容易伪造,flashget在下载的时候就可以设置引用页面,而且新版flashget在不提供引用页的情况下,会把网址去掉下载文件名后的其他部分当作referer发给服务器,这时候就需要加上session或cookie的保护。servlet通过内部io是可以在不发送文件真实地址的情况下发送文件的。具体实现部分稍后发布
2006-09-01 v0.1
[codes=java]
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

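/**
 * Anti-hotlinking download servlet: streams a file from a fixed directory to
 * logged-in users whose request carries a Referer from this site.
 *
 * <p>Security-relevant behaviour, in the order the checks run:
 * <ol>
 *   <li>The session attribute {@code loggedIn} must equal {@code "true"}; otherwise the
 *       client is redirected to the login page and nothing else happens.</li>
 *   <li>The Referer header must name the allowed host. Referer is supplied by the client
 *       and is trivially forged, so this only discourages casual hotlinking; the session
 *       check above is the actual access control.</li>
 *   <li>The {@code filename} parameter is resolved against {@link #BASE_DIR} and rejected
 *       if its canonical path leaves that directory.</li>
 * </ol>
 */
public class DownLoadServlet extends javax.servlet.http.HttpServlet
{
    /** Directory downloads are served from; a request may never resolve outside it. */
    private static final String BASE_DIR = "d:\\";

    /** Host that the Referer header must name for a download to be served. */
    private static final String ALLOWED_REFERER_HOST = "localhost";

    /** Relative redirect target for clients without an authenticated session. */
    private static final String LOGIN_PAGE = "Login";

    /**
     * Serves the file named by the {@code filename} parameter as an attachment.
     *
     * <p>A single {@code Range: bytes=START-[END]} header is honoured with a 206 response;
     * suffix ranges, multiple ranges and malformed values are ignored and the whole file
     * is sent, and a start offset at or past the end of the file yields 416.
     *
     * @param request  the GET request; reads the session, the Referer and Range headers
     *                 and the {@code filename} parameter
     * @param response receives a redirect, a rejection page, an error status or the file
     * @throws javax.servlet.ServletException declared by the servlet contract
     * @throws java.io.IOException if reading the file or writing the response fails
     */
    public void doGet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    throws javax.servlet.ServletException, java.io.IOException
    {
        request.setCharacterEncoding("gbk");

        // getSession(false) so an anonymous request does not get a fresh session created
        // for it; getSession() never returns null, which made the old null check dead code.
        HttpSession session = request.getSession(false);
        Object loggedIn = (session == null) ? null : session.getAttribute("loggedIn");
        if (!"true".equals(loggedIn))
        {
            response.sendRedirect(LOGIN_PAGE);
            // Stop here: sendRedirect() does not end the method, and falling through
            // would let an unauthenticated client reach the download code below.
            return;
        }

        String referer = request.getHeader("referer");
        if (referer == null)
        {
            writeHotlinkPage(response, "盗链可耻2", null);
            return;
        }
        if (!isAllowedReferer(referer))
        {
            writeHotlinkPage(response, "盗链可耻1", referer);
            return;
        }

        File target = resolveDownload(request.getParameter("filename"));
        if (target == null)
        {
            // Same answer for "missing", "not a regular file" and "outside the base
            // directory", so the response does not reveal which paths exist.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        long length = target.length();
        long start = 0;
        long end = length - 1;
        boolean partial = false;

        long[] range = parseRange(request.getHeader("Range"));
        if (range != null)
        {
            if (range[0] >= length)
            {
                response.setHeader("Content-Range", "bytes */" + length);
                response.sendError(HttpServletResponse.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
                return;
            }
            start = range[0];
            end = Math.min(range[1], length - 1);
            partial = true;
        }
        long toSend = end - start + 1;

        // Open the file before any header is set so an unreadable file surfaces as an
        // error response rather than a truncated download.
        InputStream in = new FileInputStream(target);
        try
        {
            // NOTE(review): this value looks like the page's e-mail obfuscation placeholder
            // rather than the author's original string; kept as published.
            response.setHeader("Server", "[email protected]");
            response.setHeader("Accept-Ranges", "bytes");

            if (partial)
            {
                response.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT);
                response.setHeader("Content-Range", "bytes " + start + "-" + end + "/" + length);
            }
            response.setHeader("Content-Length", String.valueOf(toSend));

            // Re-encode the GBK bytes of the name as ISO-8859-1 so the container writes
            // them unchanged into the header. The name is the canonical on-disk name,
            // not the raw request parameter.
            String headerName = new String(target.getName().getBytes("gbk"), "ISO8859_1");
            response.setHeader("Content-Disposition", "attachment;filename=\"" + headerName + "\"");
            response.setContentType("application/octet-stream");
            // No "Connection: Close" header: the original author noted that IE cannot
            // download directly when it is sent.

            skipFully(in, start);

            OutputStream out = response.getOutputStream();
            byte[] buffer = new byte[4096];
            long remaining = toSend;
            while (remaining > 0)
            {
                int read = in.read(buffer, 0, (int) Math.min(buffer.length, remaining));
                if (read == -1)
                {
                    break; // file shrank while being served
                }
                out.write(buffer, 0, read);
                remaining -= read;
            }
        }
        finally
        {
            in.close();
        }
    }

    /**
     * Returns whether the Referer names the allowed host. The host is parsed out of the
     * URL and compared as a whole, so a URL that merely contains the allowed name in its
     * path or query string is not accepted.
     */
    private static boolean isAllowedReferer(String referer)
    {
        try
        {
            String host = new URI(referer.trim()).getHost();
            return host != null && host.equalsIgnoreCase(ALLOWED_REFERER_HOST);
        }
        catch (URISyntaxException malformed)
        {
            return false; // an unparseable Referer is treated as foreign
        }
    }

    /**
     * Resolves the requested name to a regular file inside {@link #BASE_DIR}.
     *
     * @return the canonical file, or {@code null} if the name is missing, does not denote
     *         a regular file, or resolves outside the base directory
     */
    private static File resolveDownload(String filename)
    {
        if (filename == null || filename.length() == 0 || filename.indexOf('\0') >= 0)
        {
            return null;
        }
        try
        {
            File base = new File(BASE_DIR).getCanonicalFile();
            File target = new File(base, filename).getCanonicalFile();

            // Compare canonical paths: "..", absolute names and links have been resolved
            // by now, so a prefix match really means "inside the base directory".
            String basePath = base.getPath();
            if (!basePath.endsWith(File.separator))
            {
                basePath += File.separator;
            }
            if (!target.getPath().startsWith(basePath) || !target.isFile())
            {
                return null;
            }
            return target;
        }
        catch (IOException unresolvable)
        {
            return null; // a name that cannot be canonicalised is treated as not found
        }
    }

    /**
     * Parses a single {@code bytes=START-[END]} range.
     *
     * @return {@code {start, end}} with {@code end == Long.MAX_VALUE} when END is absent,
     *         or {@code null} when the header is absent or not of that form
     */
    private static long[] parseRange(String header)
    {
        if (header == null || !header.startsWith("bytes="))
        {
            return null;
        }
        String spec = header.substring("bytes=".length()).trim();
        int dash = spec.indexOf('-');
        if (spec.indexOf(',') >= 0 || dash <= 0)
        {
            return null; // multiple ranges and suffix ranges are not supported
        }
        try
        {
            long start = Long.parseLong(spec.substring(0, dash).trim());
            String endText = spec.substring(dash + 1).trim();
            long end = (endText.length() == 0) ? Long.MAX_VALUE : Long.parseLong(endText);
            if (start < 0 || end < start)
            {
                return null;
            }
            return new long[] { start, end };
        }
        catch (NumberFormatException malformed)
        {
            return null; // ignore a malformed Range and serve the whole file
        }
    }

    /** Skips exactly {@code count} bytes unless the stream ends first; skip() alone may skip fewer. */
    private static void skipFully(InputStream in, long count) throws IOException
    {
        long remaining = count;
        while (remaining > 0)
        {
            long skipped = in.skip(remaining);
            if (skipped > 0)
            {
                remaining -= skipped;
            }
            else if (in.read() == -1)
            {
                return;
            }
            else
            {
                remaining--;
            }
        }
    }

    /**
     * Writes the "hotlinking refused" page. The Referer is echoed for diagnostics and is
     * HTML-escaped first, because it is attacker-controlled text placed into markup.
     */
    private static void writeHotlinkPage(HttpServletResponse response, String title, String referer)
    throws IOException
    {
        response.setContentType("text/html; charset=gb2312");
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head><title>" + title + "</title></head>");
        out.println("<body>");
        out.println("<p>盗链可耻! 请注意地址栏中如果是 http://localhost</p>");
        out.println("<p>正常情况下是第三次点击真正下载</p>");
        out.println("REFERER :&nbsp;" + escapeHtml(referer));
        out.println("</body></html>");
    }

    /** Escapes the five HTML-significant characters; {@code null} is rendered as "null". */
    private static String escapeHtml(String text)
    {
        String value = String.valueOf(text);
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++)
        {
            char c = value.charAt(i);
            switch (c)
            {
                case '&': escaped.append("&amp;"); break;
                case '<': escaped.append("&lt;"); break;
                case '>': escaped.append("&gt;"); break;
                case '"': escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;"); break;
                default: escaped.append(c);
            }
        }
        return escaped.toString();
    }
}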
[/codes]
