用Asp隐藏文件路径，实现防盗链-ASP教程,ASP应用

　如果我们知道一个静态文件的实际路径如：http://www.xx.com/download/51windows.pdf，如果服务器没有作特别的限制设置，我们就可以毫不费力的把它下载下来！当网站提供51windows.pdf下载时，怎么样才能让下载者无法得到他的实际路径呢！本文就来介绍如何使用asp来隐藏文件的实际下载路径。

　　我们在管理网站文件时，可以把扩展名一样的文件放在同一个目录下，起一个比较特别名字，例如放pdf文件目录为the_pdf_file_s，把下面代码另存为down.asp，他的网上路径为http://www.xx.com/down.asp，我们就可以用http://www.xx.com/down.asp?filename=51windows.pdf来下载这个文件了，而且下载者无法看到这个文件实际下载路径的！在down.asp中我们还可以设置下载文件是否需要登陆，判断下载的来源页是否为外部网站，从而可以做到防止文件被盗链。

示例代码：

<%

from_url = cstr(request.servervariables("http_referer"))

serv_url = cstr(request.servervariables("server_name"))

if mid(from_url,8,len(serv_url)) <> serv_url then

response.write "非法链接！" 防止盗链

response.end

end if

if request.cookies("logined")="" then

response.redirect "/login.asp" 需要登陆！

end if

function getfilename(longname)/folder1/folder2/file.asp=>file.asp

while instr(longname,"/")

longname = right(longname,len(longname)-1)

wend

getfilename = longname

end function

dim stream

dim contents

dim filename

dim truefilename

dim fileext

const adtypebinary = 1

filename = request.querystring("filename")

if filename = "" then

response.write "无效文件名！"

response.end

end if

fileext = mid(filename, instrrev(filename, ".") + 1)

select case ucase(fileext)

case "asp", "asa", "aspx", "asax", "mdb"

response.write "非法操作！"

response.end

end select

response.clear

if lcase(right(filename,3))="gif" or lcase(right(filename,3))="jpg" or lcase(right(filename,3))="png" then

response.contenttype = "image/*" 对图像文件不出现下载对话框

else

response.contenttype = "application/ms-download"

end if

response.addheader "content-disposition", "attachment; filename=" & getfilename(request.querystring("filename"))

set stream = server.createobject("adodb.stream")

stream.type = adtypebinary

stream.open

if lcase(right(filename,3))="pdf" then 设置pdf类型文件目录

truefilename = "/the_pdf_file_s/"&filename

end if

if lcase(right(filename,3))="doc" then 设置doc类型文件目录

truefilename = "/my_d_o_c_file/"&filename

end if

if lcase(right(filename,3))="gif" or lcase(right(filename,3))="jpg" or lcase(right(filename,3))="png" then

truefilename = "/all_images_/"&filename 设置图像文件目录

end if

stream.loadfromfile server.mappath(truefilename)

while not stream.eos

response.binarywrite stream.read(1024 * 64)

wend

stream.close

set stream = nothing

response.flush

response.end

%>