其他分享
首页 > 其他分享> > http中的反盗链技术的例子实现demo

http中的反盗链技术的例子实现demo

作者:互联网

一、背景

1.接着上一篇的内容继续研究了下http请求的反盗链技术,请参考我的上一篇博文:https://blog.csdn.net/chenmingxu438521/article/details/90641052,在这里我讲解了http协议的基础知识,希望能帮助到你们。

2.起初我用的是idea演示的项目,死活出不来结果,最终我选择了esclipse来研究反盗链,最终把结果演示了出来,困扰了两天的问题终于解决了,用习惯了idea就回不去了的esclipse,好了,下面我们就来讲讲我们今天的内容吧。

二、项目结构图

三、项目demotesta详解

1.pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.ysfj</groupId>
  <artifactId>demotesta</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>
  <dependencies>
  	<dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.0.1</version>
      <scope>provided</scope>
    </dependency>
  </dependencies>
</project>

2.web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID" version="3.1">
  <display-name>web</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
</web-app>

3.index.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>A网站</title>
</head>
<body>
     小叮当
     <img alt="" src="imgs/log.png?t=2017-10-10">
     <img alt="" src="imgs/log.png?t=2017-10-10">
     <img alt="" src="imgs/log.png?t=2017-10-11">
     <img alt="" src="imgs/log.png?t=2017-10-10">
     <img alt="" src="imgs/log.png?t=2017-10-28">
     <img alt="" src="imgs/log.png?t=2017-10-10">
</body>
</html>

四、项目demotestb

1.pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.ysfj</groupId>
  <artifactId>demotestb</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>
   <dependencies>
  	<dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.0.1</version>
      <scope>provided</scope>
    </dependency>
  </dependencies>
</project>

2.web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID" version="3.1">
  <display-name>web</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>b.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
</web-app>

3.b.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>B网站访问</title>
</head>
<body>
<img alt="" src="http://a.a.com/a/imgs/log.png">
</body>
</html>

总结:这样就可以模拟demotesta项目被demotestb盗用图片的信息了,下面就可以测试了,测试之前为了方便我们还是想这么配置下,其实配置不配置都无所谓了,就是只写域名,也不用写端口号了,这样可能测试的时候方便点,下面我就去讲讲。

五、配置自定义域名和不写端口号的操作

1.本地电脑hosts文件,cd \Windows\System32\drivers\etc,找到hosts文件,就这么配置下(DNS)

2.tomcat目录下的conf/server.xml的配置(这样访问的时候就不用谢端口号了)

3.esclipse中还需要修改下(改写成8080)

六、访问demotesta项目

七、访问demotestb项目

这样就产生了b项目盗用a项目的图片了,这时候就产生了反盗链技术,下面我们讲解下怎么解决这个问题(java)。

八、解决问题

1.在demotesta项目中(新建com.ysfj.filter包)

public class ImgFilter implements Filter {

	public void init(FilterConfig filterConfig) throws ServletException {
		System.out.println("过滤器初始化...");
	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		System.out.println("doFilter...");

		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;
		String referer = req.getHeader("referer");
		// 请求服务名称 http://a.a.com
		String serverName = req.getServerName();
		System.out.println("referer:" + referer + ",serverName:" + serverName);
		if (referer == null || !(referer.contains(serverName))) {
              //
			req.getRequestDispatcher("error.png").forward(req, res);
			return ;
		}		
		//放行 
		chain.doFilter(req, res);
	}

	public void destroy() {

	}
}

2.web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID" version="3.1">
  <display-name>web</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>b.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <!--添加-->
  <filter>
    <filter-name>ImgFilter</filter-name>
    <filter-class>com.ysfj.filter.ImgFilter</filter-class>
  </filter>
  <filter-mapping>
   <filter-name>ImgFilter</filter-name>
   <url-pattern>/imgs/*</url-pattern>
  </filter-mapping>  
</web-app>

九、启动项目访问

1.后台打印结果

doFilter...
doFilter...
referer:http://a.a.com/a/,serverName:a.a.com
referer:http://a.a.com/a/,serverName:a.a.com
doFilter...
referer:http://a.a.com/a/,serverName:a.a.com
doFilter...
referer:http://b.b.com/b/b.jsp,serverName:a.a.com

2.浏览器访问结果

3.上面的简单的一个例子就解决了问题,这个就是反盗链

十、总结

希望能帮助你们,共勉!!!

标签:index,http,default,demo,serverName,jsp,referer,盗链,com
来源: https://blog.csdn.net/chenmingxu438521/article/details/90710268