再nginx集群内设置防盗链

设置防盗链的filter

  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

            throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;
            String referer = req.getHeader("referer");
            if(null != referer && referer.trim().startsWith("http://localhost:8080/baidu")){
                 System.out.println("正常页面请求");
                 chain.doFilter(req, resp);
            }else{
                 System.out.println("盗链");
                 req.getRequestDispatcher("/html/error.html").forward(req, resp);
            }
 }

最核心的其实也就是这句  String referer = req.getHeader("referer");

再来看看绕过防盗链的措施

使用iframe方法

<script>window.sc="<img src=http://www.mamicode.com/‘http://cdn.archdaily.net/wp-content/uploads/2011/06/1309476244-elicium-rai-01-528x351.jpg?"+Math.random()+"‘>";</script>  
<iframe id="imiframe" src="javascript:parent.sc" style="border:none; overflow: hidden;" scrolling="no" frameborder="0" onload="javascript:var x=document.getElementById(‘imiframe‘).contentWindow.document.images[0];this.width=x.width+10;this.height=x.height+10;"></iframe>

使用代码加入header里的refer

def getHttpFile(address,filename){
 

  def f = new File(filename)
   if(f.exists()){
       return;
   }
   def file = new FileOutputStream(filename)
   def out = new BufferedOutputStream(file)
   println ‘Download file: ‘ + filename
   def url = new URL(address)
   def urlConn = url.openConnection()
  urlConn.setRequestProperty(‘Referer‘,xxxxxx‘)  //xxx为要访问的目标网站
   urlConn.connect()
   out << urlConn.getInputStream()
   println ‘Download over: ‘ + filename
   out.close()
}

都是从header里做手脚

防盗链设置及一些绕过防盗链的方法