Classic ASP HTTP Post from another server


Question

I am a little confused. I want to protect one page in classic ASP from being accessed by the GET method. Is it possible that someone can post data from another server to my page?

If yes, how can I detect that and allow only posts from my server?

Thanks for your help.

Recommended answer

If you are currently using Request("ParameterName") to retrieve parameters then you should change to Request.Form("ParameterName") which will only get the parameter if it was POSTed.

Alternatively you can lookup the method used to access the page from the Request.ServerVariables collection and end the script if it is not POST. Here's an example:

If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then Response.End

I noticed that you also said that you want to accept posts only from your server. The above changes will still allow another webpage to be set up to POST to your page. If you want to ensure that only your web page can post then you will need to add some more protection. Here's one way of doing it.

1) When you render your form create a random number and create a session variable named by the random number with a value to check for later.

Randomize
strVarName = Int((999999 - 100000 + 1) * Rnd() + 100000)
Session(strVarName) = "Authorised"

2) In your form add a hidden field with the value of the random number.

<input type="hidden" name="varname" value="<%= strVarName %>" />

3) In the script that processes the posted form get the value of the hidden field.

strVarName = Request.Form("varname")

4) Check that the session variable is set and has a value of True.

If Session(strVarName) <> "Authorised" Then
    'Failed! Either show the user an error message or stop processing
    Response.End
End If

5) Remove the session variable so that the same form cannot be resubmitted.

' Classic ASP removes a session variable through the Contents collection
Session.Contents.Remove(strVarName)

You don't need the random number but using it means that the same user can have multiple forms open in different windows/tabs and each one will work.
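
Steps 1 to 5 of the answer above combined into a single page, as an added example that is not part of the original answer. It assumes the page is saved as form.asp and that the Scriptlet.TypeLib component is available on the server, and it uses a GUID as the token instead of the six-digit Rnd() number, because Rnd() is not a cryptographic random source; the formtoken_ prefix and the comment field are hypothetical names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
Const TOKEN_PREFIX = "formtoken_"   ' hypothetical prefix; keeps token keys apart from other session data

' Step 1: issue a token and remember it in the visitor's session.
Function IssueFormToken()
    Dim typeLib, token
    Set typeLib = Server.CreateObject("Scriptlet.TypeLib")   ' assumed to be installed
    token = Mid(typeLib.Guid, 2, 36)   ' drop the braces and the trailing padding
    Set typeLib = Nothing
    Session(TOKEN_PREFIX & token) = "Authorised"
    IssueFormToken = token
End Function

' Steps 3 to 5: accept a token once, then remove it so it cannot be replayed.
Function ConsumeFormToken(token)
    Dim key
    key = TOKEN_PREFIX & token
    ConsumeFormToken = False
    If Len(token) = 36 Then
        If Session(key) = "Authorised" Then
            Session.Contents.Remove key
            ConsumeFormToken = True
        End If
    End If
End Function

Dim method
method = Request.ServerVariables("REQUEST_METHOD")
If method = "POST" Then
    ' & "" turns a missing field into an empty string, which fails the length check
    If Not ConsumeFormToken(Request.Form("varname") & "") Then
        Response.Status = "403 Forbidden"
        Response.Write "This form has expired or was not issued by this site."
        Response.End
    End If
    Response.Write "Received: " & Server.HTMLEncode(Request.Form("comment"))
ElseIf method = "GET" Then
%>
<form method="post" action="form.asp">
  <!-- Step 2: the token travels in a hidden field -->
  <input type="hidden" name="varname" value="<%= IssueFormToken() %>" />
  <input type="text" name="comment" />
  <input type="submit" value="Send" />
</form>
<%
Else
    Response.Status = "405 Method Not Allowed"
End If
%>
```

A POST built on another site fails the token check because the attacker's page cannot read the value stored in the visitor's session, and a second submission of the same form fails because the token has already been removed.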
