码迷,mamicode.com
首页 > 其他好文 > 详细

防盗链设置及一些绕过防盗链的方法

时间:2014-12-23 10:45:28      阅读:618      评论:0      收藏:0      [点我收藏+]

标签:

再nginx集群内设置防盗链

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
                         {
                                 valid_referers none blocked *.tappal.com tappal.com;
                                 if  ($invalid_referer) {
                                         return  404;
                         }
                                 expires      30d;
                         }

在java程序内

设置防盗链的filter

  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

            throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;
            String referer = req.getHeader("referer");
            if(null != referer && referer.trim().startsWith("http://localhost:8080/baidu")){
                 System.out.println("正常页面请求");
                 chain.doFilter(req, resp);
            }else{
                 System.out.println("盗链");
                 req.getRequestDispatcher("/html/error.html").forward(req, resp);
            }
 }


最核心的其实也就是这句  String referer = req.getHeader("referer");


再来看看绕过防盗链的措施

使用iframe方法

<script>window.sc="<img src=‘http://cdn.archdaily.net/wp-content/uploads/2011/06/1309476244-elicium-rai-01-528x351.jpg?"+Math.random()+"‘>";</script>  
<iframe id="imiframe" src="javascript:parent.sc" style="border:none; overflow: hidden;" scrolling="no" frameborder="0" onload="javascript:var x=document.getElementById(‘imiframe‘).contentWindow.document.images[0];this.width=x.width+10;this.height=x.height+10;"></iframe>

使用代码加入header里的refer

def getHttpFile(address,filename){
 

  def f = new File(filename)
   if(f.exists()){
       return;
   }
   def file = new FileOutputStream(filename)
   def out = new BufferedOutputStream(file)
   println ‘Download file: ‘ + filename
   def url = new URL(address)
   def urlConn = url.openConnection()
  urlConn.setRequestProperty(‘Referer‘,xxxxxx‘)  //xxx为要访问的目标网站
   urlConn.connect()
   out << urlConn.getInputStream()
   println ‘Download over: ‘ + filename
   out.close()
}

都是从header里做手脚

防盗链设置及一些绕过防盗链的方法

标签:

原文地址:http://my.oschina.net/angleshuai/blog/359438

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!