Prevent direct access to html page in node js

Problem description

I would like to prevent the user from directly typing in the url of the page and getting led to the page. How can I achieve this functionality in node? I know that in web applications placing the files under the WEB-INF folder prevents direct access to them.

Recommended answer

If you are using Express you can check referer in middleware with something like this, which you should adapt further as needed for your exact purposes:

var express = require('express')
var app = express()

var permittedLinker = ['localhost', '127.0.0.1'];  // who can link here?

app.use(function(req, res, next) {
  var i=0, notFound=1, referer=req.get('Referer');

  // pass calls to '/' always; return so we do not fall through and also send a 403
  if ((req.path==='/') || (req.path==='')) return next();

  if (referer){
    // substring match against the client-supplied Referer header
    while ((i<permittedLinker.length) && notFound){
      notFound = (referer.indexOf(permittedLinker[i])===-1);
      i++;
    }
  }

  if (notFound) {
    res.status(403).send('Protected area. Please enter website via www.mysite.com');
  } else {
    next(); // access is permitted, go to the next step in the ordinary routing
  }
});

app.get('/', function(req,res){
    res.send('<p>Hello.  You are at the main page. </p><a href="page2">page 2</a>');
});

app.get('/page2', function(req,res){
    res.send('<p>You are at page 2</p>');
});

app.listen(3000);  // test at http://localhost:3000



Tests (and countermeasures)



Can we get the main page?

wget http://localhost:3000/

--2014-10-10 04:01:18--  http://localhost:3000/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response... 
200 OK
Length: 67 [text/html]
Saving to: ‘index.html’

Can we get the second page directly? No

wget http://localhost:3000/page2
--2014-10-10 04:04:34--  http://localhost:3000/page2
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response... 403 Forbidden
2014-10-10 04:04:34 ERROR 403: Forbidden.

Can we get the second page from the first page? Yes

 wget --referer="http://localhost" http://localhost:3000/page2
--2014-10-10 04:05:32--  http://localhost:3000/page2
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response... 
200 OK
Length: 24 [text/html]
Saving to: ‘page2’

Can any script kiddie learn to use wget --referer to defeat this "protection" scheme?

Yes. It only blocks honest people. Not someone who really wants the content.
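
The last test above shows that the Referer check passes for any client that sets the header itself. As an added example (not part of the original answer), the code below gates /page2 on an HMAC-signed cookie that the server issues when '/' is served, so the client cannot fabricate the value. The cookie name `entry`, the token format and the 10-minute lifetime are assumptions made for illustration.

```javascript
// Added example: gate /page2 on a server-signed cookie instead of the Referer header.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);   // per-process key (assumption: single server)
const TTL_MS = 10 * 60 * 1000;           // hypothetical token lifetime: 10 minutes

function sign(expires) {
  return crypto.createHmac('sha256', SECRET).update(String(expires)).digest('hex');
}

// Token format (constructed for this example): "<expiry-ms>.<hmac-hex>"
function issueToken(now) {
  const expires = now + TTL_MS;
  return expires + '.' + sign(expires);
}

function verifyToken(token, now) {
  const m = /^(\d+)\.([0-9a-f]{64})$/.exec(String(token));
  if (!m) return false;
  const expected = Buffer.from(sign(m[1]), 'hex');
  // constant-time compare of the MAC, then the expiry check
  return crypto.timingSafeEqual(expected, Buffer.from(m[2], 'hex')) && Number(m[1]) > now;
}

function cookieValue(header, name) {
  for (const part of String(header || '').split(';')) {
    const [k, v] = part.trim().split('=');
    if (k === name) return v;
  }
  return undefined;
}

// Pure request decision, so it can be called from Express middleware or an http handler.
function decide(path, headers, now) {
  if (path === '/') {
    return { status: 200, setCookie: 'entry=' + issueToken(now) + '; HttpOnly; SameSite=Lax' };
  }
  const ok = verifyToken(cookieValue(headers.cookie, 'entry'), now);
  return { status: ok ? 200 : 403 };
}

// Constructed requests mirroring the three wget tests above.
const now = Date.now();
const cookie = decide('/', {}, now).setCookie.split(';')[0];
console.log(decide('/page2', {}, now).status);                               // no cookie
console.log(decide('/page2', { referer: 'http://localhost' }, now).status);  // Referer only
console.log(decide('/page2', { cookie }, now).status);                       // cookie from '/'
```

A client can still request '/' first and replay the cookie it receives, so where the content needs real protection, issue the token only after authentication.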
