To use the ServerVariables property of the request object, use it to obtain the value of the environment variable. The syntax used is: Request.ServerVariables(variable), "variable" represents the name of the environment variable, such as server host name, Web server software name, etc. If "variable" is "REMOTE_ADDR", it represents the visitor's IP address, through It can implement IP address filtering.
The source program is as follows: (File name: demo.ASP)
The following is a reference fragment:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb_2312-80">
<meta name="GENERATOR" content="Microsoft FrontPage Express 2.0">
<style>
<!--
.as{ line-height: 15px; font-size: 9pt }
a:hover {color: rgb(0,51,240);text-decoration:underline}
.p9 { font-family: "宋体"; font-size: 9pt; line-height: 15pt}
.p12 { font-family: "宋体"; font-size: 12pt; line-height: 18pt}
a:link { text-decoration: none;}
a:visited { text-decoration:none;}
a:hover {text-decoration: underline;font-size: 125%;color:blue}
-->
</style>
<title>ASP page firewall function demonstration</title>
</head>
<body background=“back.jpg”>
<%
'Use Request.ServerVariables("REMOTE_ADDR") to get the IP address and save it in the variable rip
rip=Request.ServerVariables(“REMOTE_ADDR”)
strip=cstr(rip)
'Get the value of the third segment of the IP address and save it to the strip
for i=1 to 2
strip=right(strip,len(strip)-instr(1,strip,“.”))
next
strip=left(strip,instr(1,strip,“.”)-1)
'IP address validity check and password verification include two aspects:
'If the IP address matches, the verification is passed; if the IP address does not match, check whether the entered password is correct (the password here is "asp")
if (left(rip,5) <> “127.1” or strip<“1” or strip>“50”) and request(“Passwd”)<>“asp” then
%>
<p><font color="#FF0000">Sorry, your IP is <%=rip%>. The IPs that can be accessed on this page are between 127.1.1.* to 127.1.50.*. If you are this Users of the company's intranet, please make sure your browser does not use a proxy! <BR></font></p>
<form action=“demo.asp” method=“POST” id=form1 name=form1>
<p>Please enter the access password: <input type="password" name="Passwd" > <input type="submit" value="Confirm" name="B1">;
</p>
</form>
<%else%>
'A page that legitimate users can access, where any information can be added
Congratulations, you have successfully passed the security certification of the page and can directly use the resources of this site!
<%end if%>
</body>
</html>
In actual use, you only need to slightly modify the above program (such as IP address and other information). Of course, this only implements the security function in one page. If a website has multiple pages, you can set a session variable to control the user. flag to be judged on the following pages.