asp实现防止从外部提交数据的三种方法脚本之家补充
投稿:mdxy-dxy
这篇文章主要介绍了asp实现防止从外部提交数据的三种方法,需要的朋友可以参考下
防止从外部提交数据的方法
第一种
只支持http不支持https
Function IsSelfRefer()
Dim sHttp_Referer, sServer_Name
sHttp_Referer = CStr(Request.ServerVariables("HTTP_REFERER"))
sServer_Name = CStr(Request.ServerVariables("SERVER_NAME"))
If Mid(sHttp_Referer, 8, Len(sServer_Name)) = sServer_Name Then
IsSelfRefer = True
Else
IsSelfRefer = False
End If
End Function支持https但不支持http的,简单修改一下
Function IsSelfRefer()
Dim sHttp_Referer, sServer_Name
sHttp_Referer = CStr(Request.ServerVariables("HTTP_REFERER"))
sServer_Name = CStr(Request.ServerVariables("SERVER_NAME"))
If Mid(sHttp_Referer, 9, Len(sServer_Name)) = sServer_Name Then
IsSelfRefer = True
Else
IsSelfRefer = False
End If
End Function脚本之家小编修改的
Function IsSelfRefer()
Dim sHTTP_REFERER,sSERVER_NAME,sSERVER_NAME_Refer
sHTTP_REFERER = Cstr(trim(Request.ServerVariables("HTTP_REFERER")))
sSERVER_NAME = Cstr(trim(Request.ServerVariables("SERVER_NAME")))
'sSERVER_NAME_Refer = Mid(sHTTP_REFERER, 9, Len(sSERVER_NAME)) https 8针对http
If sHTTP_REFERER<>"" then
sSERVER_NAME_Refer = split(sHTTP_REFERER,"/")(2)
if sSERVER_NAME = sSERVER_NAME_Refer then
IsSelfRefer = True
else
IsSelfRefer = false
End if
Else
IsSelfRefer = false
End if
End Function调用方法
if isSelfRefer() then response.write "ok!" else response.write "去你的!" end if
把以上代码放到aa.asp,如果是直接输入网址或者是从外部网部链接到本站,http://doamain/aa.asp 就会显示"去你的",
如果系从本站链接到aa.asp,或通过表单提交到aa.asp,将会显示ok
可以防止一些伪造表单向站内提交数据
check_out_post.asp
<!--使用该页进行表单的验证,只需在需验证页包含该页即可.-->
<%
Function check_addr()
Dim server_v1,server_v2
check_addr=False
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
If Cstr(Mid(server_v1,8,Len(server_v2)))<>Cstr(server_v2) Then
check_addr=False
Else
check_addr=True
End If
End function
Function check_post()
Dim val
val="post" '指定提交方式
check_post=False
If Lcase(Request.ServerVariables("Request_Method"))=val Then
check_post=True
Else
check_post=False
End if
End Function
'以下是调用函数进行检测,如果不满足条件则不执行该网页,否则为通过。
If check_addr()=False Then
response.write "请不要使用外部表单提交数据."
response.End
End If
If check_post()=False Then
response.write "请使用POST方式提交表单数据"
response.End
End If
%>第二种
<%
Server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
Server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
If mid(server_v1,8,len(server_v2))<>server_v2 then
Response.write "警告!你正在从外部提交数据!!请立即终止!!"
Response.End
End if
%>PHP防止站外提交数据的方法
<?
$servername=$HTTP_SERVER_VARS['SERVER_NAME'];
$sub_from=$HTTP_SERVER_VARS["HTTP_REFERER"];
$sub_len=strlen($servername);
$checkfrom=substr($sub_from,7,$sub_len);
if($checkfrom!=$servername){
echo("警告!你正在从外部提交数据!!请立即终止!!");
exit;
}
?>下面是几种补充看看就可以了
第三种
做法,屏蔽特殊字符和关键字
fqys=request.servervariables("query_string")
dim nothis(18)
nothis(0)="net user"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="net localgroup administrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
nothis(18)="%"
errc=false
for i= 0 to ubound(nothis)
if instr(FQYs,nothis(i))<>0 then
errc=true
end if
next
if errc then
response.write "<script language=""javascript"">"
response.write "parent.alert('很抱歉!你正在试图攻击本服务器或者想取得本服务器最高管理权!将直接转向首页..');"
response.write "self.location.href='default.asp';"
response.write "</script>"
response.end
end if 第四种
可以防止客户从本地提交到网站上
<%
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(server_v1,8,len(server_v2))<>server_v2 then
response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
response.write "<tr><td style=font:9pt Verdana>"
response.write "你提交的路径有误,禁止从站点外部提交数据请不要乱该参数!"
response.write "</td></tr></table></center>"
response.end
end if
%>第五种
这样可以防止在输入框上打上or 1=1 的字样
If Instr(request("username"),"=")>0 or
Instr(request("username"),"%")>0 or
Instr(request("username"),chr(32))>0 or
Instr(request("username"),"?")>0 or
Instr(request("username"),"&")>0 or
Instr(request("username"),";")>0 or
Instr(request("username"),",")>0 or
Instr(request("username"),"'")>0 or
Instr(request("username"),"?")>0 or
Instr(request("username"),chr(34))>0 or
Instr(request("username"),chr(9))>0 or
Instr(request("username")," ")>0 or
Instr(request("username"),"$")>0 or
Instr(request("username"),">")>0 or
Instr(request("username"),"<")>0 or
Instr(request("username"),"""")>0 then
response.write "<script language=""javascript"">"
response.write "parent.alert('很抱歉!你正在试图攻击本服务器或者想取得本服务器最高管理权!将直接转向首页..');"
response.write "self.location.href='default.asp';"
response.write "</script>"
response.end
end if到此这篇关于asp实现防止从外部提交数据的三种方法的文章就介绍到这了,更多相关asp判断外部提交数据内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!