为了防止盗链、有效控制下载权限和隐藏下载路径,我在网上搜到了下面的代码(已经精简):
下载界面页:
<%Response.Buffer = true%>
<HTML>
<HEAD>
</HEAD>
<%
Dim x
Response.Write "下载地址:<br><br>"
Randomize
x = int(rnd()*1000)
Response.Write "<a href='download.asp?id=" & 1*x & "'>文件名称.doc</a>"
'这里只是简单的运算,呵呵,这已经足够了。
Response.Cookies("secret") = x
%>
</BODY>
</HTML>
下载处理页面:
<%
Dim secret, id
Response.Buffer = true
if Request.cookies("secret") = "" then Response.End
if not Isnumeric(request.cookies("secret")) then Response.End
'这里对传递过来的值没有多加判断,只是为了节省篇幅
secret = clng(Request.Cookies("secret"))
id = clng(Request.QueryString("id"))
if id/secret = 1 then
Response.AddHeader "content-type","application/x-msdownload"
Response.AddHeader "Content-Disposition","attachment;filename=文件名称.doc"
Server.Transfer "upload/文件名称.doc"
else
Response.Write "Error!"
end if
%>
结果测试,当下载文件超过1M左右就没有反应了
xp2 IIS5.1 IE6
