UrlHelper幫助類:
得到主機頭
SQL注入驗證方法
獲取當前請求的原始URL
獲得當前頁面客戶端的IP
判斷是否來自搜索引擎鏈接
獲取操作系統信息和瀏覽器具體信息
判斷是否是跨站提交
判斷當前訪問是否來自瀏覽器軟件 等等
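// Development team: JsonsTeam
// Official home page: http://hnxxbl.cn
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Management;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
using Microsoft.Win32;

namespace JsonsTeamUtil.Helper
{
    /// <summary>
    /// Request helpers built on <c>HttpContext.Current.Request</c>: client address, HTTP method,
    /// host, referrer, query-string and form access, a heuristic SQL-keyword scanner, a referrer
    /// allow-list, and two machine-information helpers (WMI / registry, Windows only).
    /// Every request-based member must be called inside an ASP.NET request; outside one
    /// <c>HttpContext.Current</c> is null and a <see cref="NullReferenceException"/> results.
    /// </summary>
    public class UrlHelper
    {
        // Substrings of HttpBrowserCapabilities.Type that count as "a browser".
        private static readonly string[] BrowserNames = { "ie", "opera", "netscape", "mozilla", "konqueror", "firefox" };

        // Substrings of the full referrer URL that count as "came from a search engine".
        // Short entries such as "163" or "tom" also match inside paths and query strings.
        private static readonly string[] SearchEngines =
        {
            "google", "yahoo", "msn", "baidu", "sogou", "sohu", "sina", "163",
            "lycos", "tom", "yisou", "iask", "soso", "gougou", "zhongsou"
        };

        // Domains whose pages are allowed to link here (see IsAllowDomain / isAllowUrl).
        private static readonly string[] AllowDomains = { "jsons.cn" };

        // Tokens treated as suspicious by ValidData. Several of them ("or", "and", "-", ":", "%")
        // occur in ordinary text, so expect false positives: this scanner is a logging heuristic,
        // not a substitute for parameterized SQL.
        private static readonly string[] BadWords =
        {
            "and", "exec", "insert", "select", "delete", "update", "count", "from", "drop", "asc",
            "char", "or", "%", ";", ":", "'", "\"", "-", "chr", "mid", "master", "truncate",
            "declare", "SiteName", "net user", "xp_cmdshell", "/add",
            "exec master.dbo.xp_cmdshell", "net localgroup administrators"
        };

        // Built once from BadWords (which must be declared above so the initializer can read it).
        // Matching is case-insensitive; the original lowercased the input and matched case-sensitively,
        // which made the mixed-case "SiteName" entry unreachable.
        private static readonly Regex InjectionPattern =
            new Regex(GetRegexString(), RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled);

        /// <summary>
        /// Returns the client IP address of the current request.
        /// </summary>
        /// <param name="trustProxyHeaders">
        /// When true (the default) the X-Forwarded-For and CF-Connecting-IP headers are consulted
        /// before the socket address. Those headers are supplied by whoever sends the request unless
        /// a reverse proxy or CDN in front of the application overwrites them, so pass false when
        /// the application is reached directly; otherwise the value is chosen by the client and must
        /// not be used for access control or rate limiting.
        /// </param>
        /// <returns>
        /// The first entry of X-Forwarded-For, else CF-Connecting-IP, else
        /// <see cref="HttpRequest.UserHostAddress"/> (the peer that opened the connection).
        /// </returns>
        public static string GetTrueIP(bool trustProxyHeaders = true)
        {
            HttpRequest request = HttpContext.Current.Request;
            if (trustProxyHeaders)
            {
                // X-Forwarded-For is "client, proxy1, proxy2, ..."; the first entry is the client.
                string forwardedFor = request.Headers["X-Forwarded-For"];
                if (!string.IsNullOrWhiteSpace(forwardedFor))
                {
                    string first = forwardedFor.Split(',')[0].Trim();
                    if (first.Length > 0)
                    {
                        return first;
                    }
                }

                string cfConnectingIp = request.Headers["CF-Connecting-IP"];
                if (!string.IsNullOrWhiteSpace(cfConnectingIp))
                {
                    return cfConnectingIp.Trim();
                }
            }

            // No (trusted) proxy header: fall back to the connection's remote address.
            return request.UserHostAddress;
        }

        /// <summary>
        /// True when the current request was sent with the POST method (exact, ordinal comparison).
        /// </summary>
        public static bool IsPost()
        {
            return string.Equals(GetHttpMethod(), "POST", StringComparison.Ordinal);
        }

        /// <summary>
        /// True when the current request was sent with the GET method (exact, ordinal comparison).
        /// </summary>
        public static bool IsGet()
        {
            return string.Equals(GetHttpMethod(), "GET", StringComparison.Ordinal);
        }

        /// <summary>
        /// The HTTP method of the current request (e.g. "GET", "POST").
        /// </summary>
        public static string GetHttpMethod()
        {
            return HttpContext.Current.Request.HttpMethod;
        }

        /// <summary>
        /// Returns the named server variable, or an empty string when it is not present.
        /// </summary>
        /// <param name="strName">Server variable name (e.g. "HTTP_HOST").</param>
        public static string GetServerString(string strName)
        {
            string value = HttpContext.Current.Request.ServerVariables[strName];
            return value ?? "";
        }

        /// <summary>
        /// Returns the referring URL as a string, or an empty string when the Referer header is
        /// absent or malformed.
        /// </summary>
        public static string GetUrlReferrer()
        {
            Uri referrer;
            try
            {
                // UrlReferrer parses the Referer header and throws on a malformed value.
                referrer = HttpContext.Current.Request.UrlReferrer;
            }
            catch (UriFormatException)
            {
                return "";
            }

            return referrer == null ? "" : referrer.ToString();
        }

        /// <summary>
        /// Host of the current request, with ":port" appended when the port is not the scheme's default.
        /// </summary>
        public static string GetCurrentFullHost()
        {
            Uri url = HttpContext.Current.Request.Url;
            if (url.IsDefaultPort)
            {
                return url.Host;
            }

            return string.Format("{0}:{1}", url.Host, url.Port);
        }

        /// <summary>
        /// Host name of the current request URL (no port).
        /// </summary>
        public static string GetHost()
        {
            return HttpContext.Current.Request.Url.Host;
        }

        /// <summary>
        /// The raw URL of the current request: the part after the host, including the query string.
        /// </summary>
        public static string GetRawUrl()
        {
            return HttpContext.Current.Request.RawUrl;
        }

        /// <summary>
        /// True when the detected browser type contains one of the entries in BrowserNames
        /// (case-insensitive substring match).
        /// </summary>
        public static bool IsBrowserGet()
        {
            string browserType = HttpContext.Current.Request.Browser.Type;
            return FindFirstMatch(browserType, BrowserNames) != null;
        }

        /// <summary>
        /// Browser name and version as reported by <see cref="HttpBrowserCapabilities"/>, concatenated.
        /// </summary>
        public static string GetBrowserStr()
        {
            HttpBrowserCapabilities browser = HttpContext.Current.Request.Browser;
            return browser.Browser + browser.Version;
        }

        /// <summary>
        /// The User-Agent header (operating system and browser details), or an empty string when absent.
        /// </summary>
        public static string GetAgentStr()
        {
            return HttpContext.Current.Request.ServerVariables["HTTP_USER_AGENT"] ?? "";
        }

        /// <summary>
        /// True when the current request is not a POST, or is a POST whose referrer host differs
        /// from the request host. The Referer header is frequently stripped by clients and privacy
        /// policies and can be set freely by non-browser clients, so treat this as a
        /// defense-in-depth signal only; an anti-forgery token is the actual CSRF control.
        /// </summary>
        public static bool IsCrossSitePost()
        {
            // Original contract: a non-POST request is reported as cross-site.
            if (!IsPost())
            {
                return true;
            }

            return IsCrossSitePost(GetUrlReferrer(), GetHost());
        }

        /// <summary>
        /// Compares the host of <paramref name="urlReferrer"/> with <paramref name="host"/>.
        /// </summary>
        /// <param name="urlReferrer">Referring URL; null, too short to be an absolute URL, or unparseable counts as cross-site.</param>
        /// <param name="host">Expected host name (compared case-insensitively, as DNS names are).</param>
        /// <returns>True when the referrer is missing, invalid, or from a different host.</returns>
        public static bool IsCrossSitePost(string urlReferrer, string host)
        {
            // 7 is the length of the shortest absolute URL prefix ("http://"), as in the original.
            if (urlReferrer == null || urlReferrer.Length < 7)
            {
                return true;
            }

            Uri referrer;
            if (!Uri.TryCreate(urlReferrer, UriKind.Absolute, out referrer))
            {
                return true;
            }

            return !string.Equals(referrer.Host, host, StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// True when the referrer URL contains one of the SearchEngines entries (false without a referrer).
        /// </summary>
        public static bool IsSearchEnginesGet()
        {
            return FindSearchEngine() != null;
        }

        /// <summary>
        /// The SearchEngines entry found in the referrer URL, or the fixed "not from a search engine" text.
        /// </summary>
        public static string GetSearchEnginesGet()
        {
            return FindSearchEngine() ?? "不是通過搜索引擎進(jì)入的";
        }

        /// <summary>
        /// Full URL of the current request.
        /// </summary>
        public static string GetUrl()
        {
            return HttpContext.Current.Request.Url.ToString();
        }

        /// <summary>
        /// Value of the named query-string parameter, or an empty string when absent.
        /// </summary>
        /// <param name="strName">Query-string parameter name.</param>
        public static string GetQueryString(string strName)
        {
            return HttpContext.Current.Request.QueryString[strName] ?? String.Empty;
        }

        /// <summary>
        /// Last segment of the request path, lower-cased (empty when the path ends with '/').
        /// </summary>
        public static string GetPageName()
        {
            string path = HttpContext.Current.Request.Url.AbsolutePath;
            // LastIndexOf returns -1 when there is no '/', so the whole path is returned in that case.
            return path.Substring(path.LastIndexOf('/') + 1).ToLowerInvariant();
        }

        /// <summary>
        /// Number of form fields plus number of query-string parameters.
        /// </summary>
        public static int GetParamCount()
        {
            HttpRequest request = HttpContext.Current.Request;
            return request.Form.Count + request.QueryString.Count;
        }

        /// <summary>
        /// Value of the named form field, or an empty string when absent.
        /// </summary>
        /// <param name="strName">Form field name.</param>
        public static string GetFormString(string strName)
        {
            return HttpContext.Current.Request.Form[strName] ?? "";
        }

        /// <summary>
        /// Value of the named query-string parameter; when that is empty, the form field of the same name.
        /// </summary>
        /// <param name="strName">Parameter name.</param>
        public static string GetString(string strName)
        {
            string fromQuery = GetQueryString(strName);
            return fromQuery.Length == 0 ? GetFormString(strName) : fromQuery;
        }

        /// <summary>
        /// Scans every form (POST) value with <see cref="ValidData"/>.
        /// </summary>
        /// <returns>A report line for the first suspicious value, or an empty string when none matches.</returns>
        public static string ValidUrlPostData()
        {
            HttpRequest request = HttpContext.Current.Request;
            return DescribeFirstSuspiciousValue(request.Form, "POST", request);
        }

        /// <summary>
        /// Scans every query-string (GET) value with <see cref="ValidData"/>.
        /// </summary>
        /// <returns>A report line for the first suspicious value, or an empty string when none matches.</returns>
        public static string ValidUrlGetData()
        {
            HttpRequest request = HttpContext.Current.Request;
            return DescribeFirstSuspiciousValue(request.QueryString, "GET", request);
        }

        /// <summary>
        /// True when <paramref name="inputData"/> contains any BadWords token (case-insensitive).
        /// Null or empty input is never flagged. Because the token list includes common words and
        /// punctuation, a true result is a hint for logging, not proof of an attack, and a false
        /// result is not proof of safety — use parameterized queries regardless.
        /// </summary>
        /// <param name="inputData">Value to scan.</param>
        public static bool ValidData(string inputData)
        {
            if (string.IsNullOrEmpty(inputData))
            {
                return false;
            }

            return InjectionPattern.IsMatch(inputData);
        }

        /// <summary>
        /// Builds the alternation pattern "(tok1|tok2|...)" from BadWords. Every token is passed
        /// through <see cref="Regex.Escape"/> so that '.' in "exec master.dbo.xp_cmdshell" and
        /// other punctuation match literally.
        /// </summary>
        private static string GetRegexString()
        {
            return "(" + string.Join("|", BadWords.Select(Regex.Escape)) + ")";
        }

        #region Referrer allow-list

        /// <summary>
        /// True when the referrer host is an allowed domain or a subdomain of one; false without a referrer.
        /// Subject to the same Referer caveats as <see cref="IsCrossSitePost()"/>.
        /// </summary>
        public static bool IsAllowDomain
        {
            get
            {
                Uri referrer = HttpContext.Current.Request.UrlReferrer;
                if (referrer == null)
                {
                    return false;
                }

                return isAllowUrl(referrer.Host);
            }
        }

        /// <summary>
        /// True when <paramref name="url"/> (a host name) equals an AllowDomains entry or ends with
        /// "." followed by one. The dot boundary matters: a bare suffix comparison would also accept
        /// any host name that merely ends in the same characters.
        /// </summary>
        /// <param name="url">Host name to check; null or empty is not allowed.</param>
        public static bool isAllowUrl(string url)
        {
            if (string.IsNullOrEmpty(url))
            {
                return false;
            }

            foreach (string domain in AllowDomains)
            {
                if (url.Equals(domain, StringComparison.OrdinalIgnoreCase)
                    || url.EndsWith("." + domain, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return false;
        }

        #endregion

        /// <summary>
        /// ProcessorId of the first Win32_Processor instance, via WMI (requires System.Management).
        /// </summary>
        /// <returns>The processor id, an empty string when WMI reports no value, or the fixed error text when WMI fails.</returns>
        public static string GetCPUId()
        {
            try
            {
                using (ManagementClass processors = new ManagementClass("Win32_Processor"))
                using (ManagementObjectCollection instances = processors.GetInstances())
                {
                    foreach (ManagementObject processor in instances)
                    {
                        using (processor)
                        {
                            object id = processor.Properties["ProcessorId"].Value;
                            return id == null ? "" : id.ToString();
                        }
                    }
                }

                return "";
            }
            catch (Exception)
            {
                // Best-effort as in the original: WMI can fail (service unavailable, access denied)
                // and callers receive the fixed message instead of an exception.
                return "網(wǎng)絡(luò)請求出錯了 ,請換一種方法吧";
            }
        }

        /// <summary>
        /// Processor name from the registry (HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0).
        /// </summary>
        /// <returns>The trimmed name, or an empty string when the key or value is missing.</returns>
        public static string GetCPUName()
        {
            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor\0"))
            {
                if (key == null)
                {
                    return "";
                }

                string name = key.GetValue("ProcessorNameString") as string;
                return name == null ? "" : name.TrimStart();
            }
        }

        /// <summary>
        /// Absolute URI of the current request (the address after URL rewriting).
        /// </summary>
        public static string GetUrlStr()
        {
            return HttpContext.Current.Request.Url.AbsoluteUri;
        }

        /// <summary>
        /// Returns the first needle that occurs in <paramref name="text"/> (ordinal, case-insensitive),
        /// or null when text is empty or nothing matches.
        /// </summary>
        private static string FindFirstMatch(string text, string[] needles)
        {
            if (string.IsNullOrEmpty(text))
            {
                return null;
            }

            foreach (string needle in needles)
            {
                if (text.IndexOf(needle, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return needle;
                }
            }

            return null;
        }

        /// <summary>
        /// The SearchEngines entry contained in the current referrer URL, or null.
        /// </summary>
        private static string FindSearchEngine()
        {
            Uri referrer = HttpContext.Current.Request.UrlReferrer;
            if (referrer == null)
            {
                return null;
            }

            return FindFirstMatch(referrer.ToString(), SearchEngines);
        }

        /// <summary>
        /// Runs <see cref="ValidData"/> over every value in <paramref name="values"/> and formats the
        /// original report line ("檢測出{source}惡意數(shù)據(jù): 【value】 URL: 【raw url】來源: 【client address】")
        /// for the first hit; returns an empty string when nothing matches.
        /// </summary>
        private static string DescribeFirstSuspiciousValue(NameValueCollection values, string source, HttpRequest request)
        {
            for (int i = 0; i < values.Count; i++)
            {
                string value = values[i];
                if (ValidData(value))
                {
                    return "檢測出" + source + "惡意數(shù)據(jù): 【" + value + "】 URL: 【" + request.RawUrl + "】來源: 【" + request.UserHostAddress + "】";
                }
            }

            return string.Empty;
        }
    }
}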
原文鏈接:UrlHelper幫助類庫,UrlHttp操作類大全,SQL注入驗證方法