ASP禁止指定IP访问方法
最近给一公司做网络办公系统,企业OA对于安全要求,测试期间,用的是第三方网络,考虑到安全问题。做过数据库安全后
还是做个IP判断,加强下安全!数据库防下载绝对安全,不是指定的IP根本打不开网页,想想,隐患目前也只有服务器,和跨站了。
指定某些特定IP可以访问,代码如下:
<%
Dim IP,IPString,VisitIP
'设置允许访问的IP地址,用“|”隔开
IPString="|192.168.1.100|192.168.0.101|192.168.1.102|"
'获取IP地址
IP = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If IP = "" Then
IP = Request.ServerVariables("REMOTE_ADDR")
End If
VisitIP="|"&IP&"|"
If instr(1,IPString,VisitIP)<0 Then
'符合禁止的IP执行相应的操作
Response.write "您所在的IP禁止访问"
response.end
End If
%>
上述代码中的IP为允许访问。
如果是指定IP禁止访问,修改下判断函数即可
<%
Dim IP,IPString,VisitIP
'设置IP地址,用“|”隔开
IPString="|192.168.0.42|192.168.0.41|192.168.1.111|192.168.1.101|"
'获取IP地址
IP = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If IP = "" Then
IP = Request.ServerVariables("REMOTE_ADDR")
End If
VisitIP="|"&IP&"|"
If instr(1,IPString,VisitIP)>0 Then
'符合的IP执行相应的操作
Response.write "您所在的IP可以访问"
else
'不符合的IP执行相应的操作
Response.write "<script>alert('您所在的IP禁止访问');</script>"
response.end
End If
%>
以上代码复制粘贴另存为为:IP.asp
将以下添加到需要调用判断的动态页面中
<!-- #include file="IP.asp" -->
附:ASP怎么区分电信还是联通,做出判断,虽说对于使用cname的域名来说没必要,但是有学习价值,就添加上来了。
<!-- #include file="IP.asp" -->
<%
Class GotoURL
Public url1,url2,CheckUrl,CheckValue,TagS,TagE
Private Function Bologe_GetContent(Url)
Dim Obj
Set obj = Server.CreateObject("MSXML2.XMLHTTP")
With Obj
.Open "POST", Url, false
.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
.Send CheckValue
End With
rr=Obj.Readystate
tt=Obj.ResponseBody
response.write rr
response.write tt
if Obj.Readystate <> 4 then
Set obj = Nothing
Bologe_GetContent = False
Exit Function
end if
Bologe_GetContent = Bologe_ResSTS(Obj.ResponseBody)
response.write Bologe_GetContent
Set obj = Nothing
End Function
Private Function Bologe_ResSTS(Str)
Dim ADOStreamObj
Set ADOStreamObj = Server.CreateObject("Adodb.Stream")
ADOStreamObj.Type = 1
ADOStreamObj.Mode = 3
ADOStreamObj.Open
ADOStreamObj.Write Str
ADOStreamObj.Position = 0
ADOStreamObj.Type = 2
ADOStreamObj.Charset = "GB2312"
Bologe_ResSTS = ADOStreamObj.ReadText
ADOStreamObj.Close
Set ADOStreamObj = Nothing
End Function
Private Function GetContent(Str,StartStr,LastStr,Flag)
On Error Resume next
if Instr(LCase(Str),LCase(StartStr)) > 0 then
Dim regEx,SearchStr,Matches,Matche
Str = Replace(Replace(Str,Chr(13),""),Chr(10),"")
StartStr = Replace(StartStr,"[变量]",".*")
LastStr = Replace(LastStr,"[变量]",".*")
SearchStr = StartStr & ".*" & LastStr
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global=True
regEx.Pattern = SearchStr
Set Matches = regEx.Execute(str)
set Matche = Matches(0)
Select Case Flag
Case 0 '不包括首尾特征字符
GetContent = Matche
regEx.Pattern = StartStr
GetContent = regEx.Replace(GetContent,"")
regEx.Pattern = LastStr & ".*|\n"
GetContent = regEx.Replace(GetContent,"")
Case 1 '包括首尾特征字符
GetContent = Matche
Case 2 '取开始字符后面的所有内容
GetContent = Matche
regEx.Pattern = StartStr
GetContent = regEx.Replace(GetContent,"")
Case else
GetContent = ""
End Select
else
GetContent = ""
end if
if Err then
Err.clear
GetContent = ""
End If
End Function
Public Function Run()
r=Request.Cookies("BologeComFrom")
if r="" or IsEmpty(r) then
r=GetContent(Bologe_GetContent(CheckUrl),TagS,TagE,2)
Response.Cookies("BologeComFrom")=r
end if
if instr(r,"电信")>0 then
Response.Redirect url1
else
Response.Redirect url2
end if
End Function
end class
'-------开始调用了---------------------------------------------------------------------------------
set g = new GotoURL
g.CheckUrl = "http://www.ip138.com/ips8.asp" '获取IP地址的坚持地址(一般不改)
g.CheckValue = "action=2&ip="&request.ServerVariables("REMOTE_ADDR") '用于获取检测必须的(一般不改)
g.TagS = "本站主数据" '用于判断返回信息关键标签的开始部分(一般不改)
g.TagE = "</li>" '用于判断返回信息关键标签的结束部分(一般不改)
g.url1 = "http://cnshark.net" '电信用户跳转URL
g.url2 = "http://13246.com" '非电信用户跳转URL
g.Run
%>
