Use Asp to hide file paths to prevent hot links

If we know the actual path of a static file such as: http://www.xx.com/download/51windows.pdf , and if the server does not set any special restrictions, we can download it effortlessly! When the website provides 51windows.pdf for download, how can we prevent the downloader from getting his actual path? This article will introduce how to use Asp to hide the actual download path of files.

When we manage website files, we can put files with the same extension in the same directory and give them a special name. For example, the directory where the pdf files are placed is the_pdf_file_s, and the following code is saved as down.asp, and its online path is http. ://www.xx.com/down.asp, we can use http://www.xx.com/down.asp?FileName=51windows.pdf to download this file, and the downloader cannot see this file The actual download path! In down.asp, we can also set whether downloading files requires logging in, and determine whether the downloaded source page is an external website, thus preventing files from being linked.

Sample code:

<% From_url = Cstr(Request.ServerVariables("HTTP_REFERER")) Serv_url = Cstr(Request.ServerVariables("SERVER_NAME")) if mid(From_url,8,len(Serv_url)) <> Serv_url then response.write "Illegal link!" 'Prevent hot links response.end end if if Request.Cookies("Logined")="" then response.redirect "/login.asp" 'Require login! end if Function GetFileName(longname)'/folder1/folder2/file.asp=>file.asp while instr(longname,"/") longname = right(longname,len(longname)-1) wend GetFileName = longname End Function Dim Stream Dim Contents Dim FileName Dim TrueFileName Dim FileExt Const adTypeBinary = 1 FileName = Request.QueryString("FileName") if FileName = "" Then Response.Write "Invalid file name!" Response.End End if FileExt = Mid(FileName, InStrRev (FileName, ".") + 1) Select Case UCase(FileExt) Case "ASP", "ASA", "ASPX", "ASAX", "MDB" Response.Write "Illegal operation!" Response.End End Select Response .Clear if lcase(right(FileName,3))="gif" or lcase(right(FileName,3))="jpg" or lcase(right(FileName,3))="png" then Response.ContentType = " image/*" 'No download dialog box appears for image files else Response.ContentType = "application/ms-download" end if Response.AddHeader "content-disposition", "attachment; filename=" & GetFileName(Request.QueryString(" FileName")) Set Stream = server.CreateObject("ADODB.Stream") Stream.Type = adTypeBinary Stream.Open if lcase(right(FileName,3))="pdf" then 'Set pdf type file directory TrueFileName = "/ the_pdf_file_s/"&FileName end if if lcase(right(FileName,3))="doc" then 'Set DOC type file directory TrueFileName = "/my_D_O_C_file/"&FileName end if if lcase(right(FileName,3))="gif " or lcase(right(FileName,3))="jpg" or lcase(right(FileName,3))="png" then TrueFileName = "/all_images_/"&FileName 'Set the image file directory end if Stream.LoadFromFile Server. MapPath(TrueFileName) While Not Stream.EOS Response.BinaryWrite Stream.Read(1024 * 64) Wend Stream.Close Set Stream = Nothing Response.Flush Response.End %>