如果您正在使用Express您可以在中間件檢查引用者有這樣的事情,它需要你的确切目的,您應該進一步适應:
var express = require('express')
var app = express()
permittedLinker = ['localhost', '127.0.0.1']; // who can link here?
app.use(function(req, res, next) {
var i=0, notFound=1, referer=req.get('Referer');
if ((req.path==='/') || (req.path==='')) next(); // pass calls to '/' always
if (referer){
while ((i
notFound= (referer.indexOf(permittedLinker[i])===-1);
i++;
}
}
if (notFound) {
res.status(403).send('Protected area. Please enter website via www.mysite.com');
} else {
next(); // access is permitted, go to the next step in the ordinary routing
}
});
app.get('/', function(req,res){
res.send('
Hello. You are at the main page.
page 2');
});
app.get('/page2', function(req,res){
res.send('
You are at page 2
');
});
app.listen(3000); // test at http://localhost:3000
測試(與對策)
我們能否擷取首頁? 是
wget http://localhost:3000/
--2014-10-10 04:01:18-- http://localhost:3000/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response...
200 OK
Length: 67 [text/html]
Saving to: ‘index.html’
我們能直接拿到第二頁? 沒有
wget http://localhost:3000/page2
--2014-10-10 04:04:34-- http://localhost:3000/page2
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response... 403 Forbidden
2014-10-10 04:04:34 ERROR 403: Forbidden.
我們能否從第一頁獲得的第二頁? 是
wget --referer="http://localhost" http://localhost:3000/page2
--2014-10-10 04:05:32-- http://localhost:3000/page2
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response...
200 OK
Length: 24 [text/html]
Saving to: ‘page2’
可以在任何腳本小子學會使用wget --referer戰勝這種“保護”方案?
是的。它隻會阻止誠實的人。不是真的想要内容的人。