The HTTP Referer header is becoming more and more unreliable. It is supplied by the client, so it can simply be forged.
The following are the forgery methods:
ASP:
Set Http = Server.CreateObject("MSXML2.XMLHTTP") ' MSXML2.ServerXMLHTTP can also be used
PHP (if curl is installed):
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.dc9.cn/xxx.asp");
curl_setopt($ch, CURLOPT_REFERER, "http://www.dc9.cn/"); // value sent as the Referer header
curl_exec($ch);
PHP (sock without curl):
$host = 'www.dc9.cn';
$target = '/xxx.asp';
$referer = 'http://www.dc9.cn/'; // Referer
$port = 80;
$fp = fsockopen($host, $port, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    // Build the request headers by hand, including the Referer
    $out = "GET $target HTTP/1.1\r\n";
    $out .= "Host: $host\r\n";
    $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n";
    $out .= "Referer: $referer\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
C#:
MSXML2.XMLHTTP30 oXMLHttp = new MSXML2.XMLHTTP30();
oXMLHttp.setRequestHeader("Referer", "http://URL"); // forged Referer
JS: not supported ^_^
The principle is that the client constructs the HTTP headers itself over a socket and sends the data. Other languages, such as Perl,
At present, a relatively simple way to defend against forged Referers is to use a verification code (session).
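The session-based check described above, next to a plain Referer check, as an added example that is not code from the original page. The function names, the `codes` session key and the sample URL and path are assumptions, and plain arrays stand in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example; names and sample values are hypothetical / constructed.

// Weak check: the Referer header is whatever the client chose to send.
function referer_allows(array $headers, string $site): bool
{
    return strpos($headers['Referer'] ?? '', $site) === 0;
}

// Called when the legitimate page is rendered: store a random one-time code
// in the server-side session and embed it in the link to the resource.
function issue_code(array &$session, string $resource, int $now, int $ttl = 300): string
{
    $code = bin2hex(random_bytes(16));
    $session['codes'][$code] = ['resource' => $resource, 'expires' => $now + $ttl];
    return $code;
}

// Called by the resource handler: the code must exist in this session, match
// the requested resource and be unexpired. It is consumed on first use.
function code_allows(array &$session, string $resource, string $code, int $now): bool
{
    $entry = $session['codes'][$code] ?? null;
    unset($session['codes'][$code]);
    return $entry !== null
        && $entry['resource'] === $resource
        && $now <= $entry['expires'];
}

// Constructed demo: two arrays stand in for the sessions of two clients.
$site = 'https://site.example/';
$resource = '/files/report.pdf';
$now = 1700000000;
$visitor = [];  // loaded the real page, so codes were stored in its session
$outsider = []; // never loaded the page, sends only a matching Referer
$first = issue_code($visitor, $resource, $now);
$second = issue_code($visitor, $resource, $now);

$results = [
    'referer check, header only'        => referer_allows(['Referer' => $site], $site),
    'session code, not in this session' => code_allows($outsider, $resource, $first, $now),
    'session code, visitor first use'   => code_allows($visitor, $resource, $first, $now + 10),
    'session code, visitor reuse'       => code_allows($visitor, $resource, $first, $now + 20),
    'session code, visitor after ttl'   => code_allows($visitor, $resource, $second, $now + 301),
];
foreach ($results as $case => $allowed) {
    echo str_pad($case, 36), var_export($allowed, true), "\n";
}
```

In a real handler the two arrays are the same `$_SESSION` after `session_start()`, and the code travels as a query parameter on the resource link.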
There are also commercial anti-hotlinking products, such as uudog, LINKGATE, virtualwall and so on, all of which are developed as DLLs that run on IIS.
However, there are ways to get around these techniques as well.