Forging the HTTP Referer in ASP, PHP and .NET, and how to prevent Referer forgery

Time:2020-1-14

The HTTP Referer header is becoming more and more unreliable. It is supplied by the client, so it can simply be forged.
The following are the forgery methods:
ASP:

Dim http
Set http = Server.CreateObject("MSXML2.XMLHTTP") ' MSXML2.ServerXMLHTTP also works
http.open "GET", url, False
http.setRequestHeader "Referer", "http://www.dc9.cn/"
http.send

PHP (if curl is installed):

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.dc9.cn/xxx.asp");
curl_setopt($ch, CURLOPT_REFERER, "http://www.dc9.cn/");
curl_exec($ch);
curl_close($ch);

PHP (raw socket, without curl):

$server  = 'www.dc9.cn';
$host    = 'www.dc9.cn';
$target  = '/xxx.asp';
$referer = 'http://www.dc9.cn/';    // Referer
$port    = 80;
$fp = fsockopen($server, $port, $errno, $errstr, 30);
if (!$fp)
{
    // Connection failed: report the socket error
    echo "$errstr ($errno)<br />\n";
}
else
{
    // Build the request headers by hand, including the Referer
    $out  = "GET $target HTTP/1.1\r\n";
    $out .= "Host: $host\r\n";
    $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n";
    $out .= "Referer: $referer\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp))
    {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
VB.NET/C#.NET

Dim oXMLHttp As MSXML2.XMLHTTP30 = New MSXML2.XMLHTTP30()
or, in C#:
MSXML2.XMLHTTP30 oXMLHttp = new MSXML2.XMLHTTP30();
oXMLHttp.open(...
oXMLHttp.setRequestHeader(...
oXMLHttp.send(...

JavaScript:

xmlhttp.setRequestHeader("Referer", "http://URL"); // ??? ~ fake ~

JavaScript does not support this ^_^
The principle is that the HTTP headers are constructed by hand on a socket and sent as data. Other languages, such as Perl,
At present, a relatively simple way to prevent Referer forgery is to use a verification code (session).
There are also commercial anti-hotlinking products, such as uudog, LINKGATE and virtualwall, which are all developed as DLLs that run on IIS.
Some use cookie verification and thread control; some randomly generate file names and then rewrite URLs. Some of these methods achieve good results.
However, there are ways around these techniques as well.
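
The session verification and per-visitor URL rewriting described above can be combined into a signed, expiring link token that is checked instead of the Referer. This is an added example, not code from the original page; SECRET_KEY, the function names and the sample path and session values are assumptions.

```php
<?php
// Added example, not from the original page. SECRET_KEY, the function names
// and the sample path and session values are assumptions for illustration.
const SECRET_KEY = 'replace-with-a-random-server-side-secret'; // placeholder

// Build the token that the linking page appends to a protected URL.
function make_token(string $path, string $sessionId, int $expires): string
{
    // The MAC covers path, session and expiry, so a link copied to another
    // site, another visitor's session or another file does not verify.
    $mac = hash_hmac('sha256', "$path\n$sessionId\n$expires", SECRET_KEY);
    return $expires . '.' . $mac;
}

// Validate a token on the download request. The Referer header is never read.
function check_token(string $path, string $sessionId, string $token, int $now): bool
{
    if (!preg_match('/^(\d{1,10})\.[0-9a-f]{64}$/', $token, $m)) {
        return false;                          // malformed token
    }
    $expires = (int) $m[1];
    if ($expires < $now) {
        return false;                          // link lifetime is over
    }
    // Recompute for this request's path and session; compare in constant time.
    return hash_equals(make_token($path, $sessionId, $expires), $token);
}

// Constructed sample values; a real page would use session_id() and time().
$now   = 1700000000;
$path  = '/files/report.zip';
$token = make_token($path, 'session-A', $now + 300);

$cases = [
    'same session, link still valid'     => [$path, 'session-A', $now + 10],
    'link replayed from another session' => [$path, 'session-B', $now + 10],
    'link used after expiry'             => [$path, 'session-A', $now + 301],
    'token moved to a different file'    => ['/files/other.zip', 'session-A', $now + 10],
];
foreach ($cases as $label => [$p, $sid, $t]) {
    echo $label, ': ', check_token($p, $sid, $token, $t) ? 'accepted' : 'rejected', "\n";
}
```

Because the check depends only on a server-side secret and the visitor's own session, a request that arrives with a forged Referer gains nothing from it.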