防止直接访问节点js中的html页面
我想阻止用户直接input页面的URL,并导致页面。 我如何在节点中实现这个function? 我知道,在Web应用程序中,将这些文件放在WEB-INF文件夹下可以防止直接访问它们。
如果你使用的是Express你可以使用类似的东西来检查中间件中的引用者,为了确切的目的,你可以根据需要进一步调整:
var express = require('express') var app = express() permittedLinker = ['localhost', '127.0.0.1']; // who can link here? app.use(function(req, res, next) { var i=0, notFound=1, referer=req.get('Referer'); if ((req.path==='/') || (req.path==='')) next(); // pass calls to '/' always if (referer){ while ((i<permittedLinker.length) && notFound){ notFound= (referer.indexOf(permittedLinker[i])===-1); i++; } } if (notFound) { res.status(403).send('Protected area. Please enter website via www.mysite.com'); } else { next(); // access is permitted, go to the next step in the ordinary routing } }); app.get('/', function(req,res){ res.send('<p>Hello. You are at the main page. </p><a href="page2">page 2</a>'); }); app.get('/page2', function(req,res){ res.send('<p>You are at page 2</p>'); }); app.listen(3000); // test at http://localhost:3000
testing(和对策)
我们能得到主页吗? 是
wget http://localhost:3000/ --2014-10-10 04:01:18-- http://localhost:3000/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:3000... connected. HTTP request sent, awaiting response... 200 OK Length: 67 [text/html] Saving to: 'index.html'
我们可以直接得到第二页吗? 没有
wget http://localhost:3000/page2 --2014-10-10 04:04:34-- http://localhost:3000/page2 Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:3000... connected. HTTP request sent, awaiting response... 403 Forbidden 2014-10-10 04:04:34 ERROR 403: Forbidden.
我们能从第一页得到第二页吗? 是
wget --referer="http://localhost" http://localhost:3000/page2 --2014-10-10 04:05:32-- http://localhost:3000/page2 Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:3000... connected. HTTP request sent, awaiting response... 200 OK Length: 24 [text/html] Saving to: 'page2'
任何脚本小孩可以学习使用wget –referer来打败这个“保护”计划吗?
是。 它只阻止诚实的人。 不是真正想要内容的人。