IDC资讯中心
如果您对httpmodule的编成非常熟悉那么可以向下进行了
一。 先把配置文件从web.config内移出为了不让web.config变的非常臃肿,我们将配置文件从web.config内移出
假设我们的多域名绑定配置文件为“mulitdomain.config“
将rewriterconfiguration.cs的public static rewriterconfiguration getconfig()方法
修改如下:
////// 从xml配置文件中返回重写信息 /// ///rewriterconfiguration public static rewriterconfiguration getconfig() { rewriterconfiguration config = (rewriterconfiguration) boovoocache.get(cachekey); if(config == null) { // 2005-08-18 wu meibo update the config file to siteurls.config // httpcontext.current.cache.insert("rewriterconfig", configurationsettings.getconfig("rewriterconfig")); ///************************************************************************************ /// /// author:活靶子,huobazi /// date:2005-08-18 /// /// description:将配置文件移到单独的文件内,更新以下代码,原代码(上一行)停止工作 /// ///************************************************************************************ string filepath = string.empty; if(httpcontext.current != null) { filepath = httpcontext.current.server.mappath("~/mulitdomain.config"); } else { filepath = directory.getcurrentdirectory() + path.directoryseparatorchar + "mulitdomain.config"; } xmlserializer ser = new xmlserializer(typeof(rewriterconfiguration)); filestream filereader = new filestream(filepath, filemode.open, fileaccess.read, fileshare.read); streamreader reader = new streamreader(filereader); config = (ser.deserialize(reader)) as rewriterconfiguration; reader.close(); filereader.close(); if (file.exists(filepath)) { cachedependency dep = new cachedependency(filepath); boovoocache.max(cachekey,config,dep); boovoocache.resetfactor(config.cachefactor); } } return config; }
二。做一些修补
rewritermodule.cs内
public virtual void init(httpapplication app)
{
///**********************************************************************************
/// author:活靶子,huobazi
/// date:2005-08-18
/// description:增加beginrequest,在内增加防止黑客可能利用的某些url漏洞攻击的代码
///**********************************************************************************
app.beginrequest += new eventhandler(this.rewritermodule_beginrequest);
// 警告!此代码不适用于 windows 身份验证!
// 如果使用 windows 身份验证,
// 请改为 app.beginrequest
app.authorizerequest += new eventhandler(this.rewritermodule_authorizerequest);
}
protected virtual void rewritermodule_beginrequest(object o , eventargs e)
{
httpapplication app = ((httpapplication)(o));
httpserverutility server = app.server;
httprequest request = app.request;
///************************************************************
/// author:活靶子,huobazi
/// date:2005-08-18
/// description:修补黑客可能采用".."的方法进入其他目录的问题
///************************************************************
string strurl = server.urldecode(request.rawurl);
if (strurl.indexof("..") != -1)
{
throw new httpexception(404, "not found");
}
///**********************************************************************************
/// author:活靶子,huobazi
/// date:2005-08-18
/// description:修补"规范化"问题 see: http://support.microsoft.com/?kbid=887459
///***********************************************************************************
if (request.path.indexof(\\) >= 0 ||
path.getfullpath(request.physicalpath) != request.physicalpath)
{
throw new httpexception(404, "not found");
}
}
三。开始匹配域名
protected void rewrite(string requestedpath, system.web.httpapplication app)
{
string host = app.context.request.url.host.tostring().tolower();
app.context.trace.write("rewritermodule", "entering modulerewriter");
rewriterrulecollection rules = rewriterconfiguration.getconfig().rules;
for(int i = 0; i < rules.count; i++)
{//将mulitdomain.config内定义的规则lookfor的值逐个匹配当前主机名判断否被定义了需要重写
//如果匹配则需要重写,那将请求重写到sendto定义的目录内的该文件
string lookfor = "^" + rules[i].lookfor + "$";
//string lookfor = "^" + rewriter.resolveurl(app.context.request.applicationpath, rules[i].lookfor + requestedpath) + "$";
regex re = new regex(lookfor, regexoptions.ignorecase);
if (re.ismatch(host))
{
string sendtourl = rewriter.resolveurl(app.context.request.applicationpath, rules[i].sendto + requestedpath);
app.context.trace.write("rewritermodule", "rewriting url to " + sendtourl);
rewriter.rewriteurl(app.context, sendtourl);
break;
}
}
app.context.trace.write("rewritermodule", "exiting modulerewriter");
}
四。写规则文件
mulitdomain.config的匹配规则如下:
<?xml version=”1.0″ encoding=”utf-8″ ?>
<rewriterconfig>
<rules>
<rewriterrule>
<lookfor>www\.xaradio\.com</lookfor>
<sendto>~/xaradio</sendto>
</rewriterrule>
<rewriterrule>
<lookfor>xaradio\.com</lookfor>
<sendto>~/xaradio</sendto>
</rewriterrule>
</rules>
</rewriterconfig>
<rewriterconfig>
<rules>
<rewriterrule>
<lookfor>www\.xaradio\.com</lookfor>
<sendto>~/xaradio</sendto>
</rewriterrule>
<rewriterrule>
<lookfor>xaradio\.com</lookfor>
<sendto>~/xaradio</sendto>
</rewriterrule>
</rules>
</rewriterconfig>
最后说明一下,根目录下一定要有一个default.aspx如果你的所有域名都按照这种方式“绑定”那么根目录下放置一个空default.aspx就可以,该文件来“欺骗iis” ,防止直接使用域名访问的时候iis查找不到default或者index文件就报404错误,等到该检查过去之后权利已经移交到aspnet_isapi.dll那里了。
