Referer in an HTTP request

When a browser sends an HTTP request to a web server, the server wraps the request in a request object. One of the headers that object exposes is the Referer, which tells the server where the request came from. For example, when a user clicks a hyperlink on one page to open another page, the browser sends an HTTP request for that other page, and the Referer is the URL of the previous page. When the URL is entered directly in the address bar or the page is refreshed, referer = null. Checking the Referer can be used to prevent hotlinking.

Look at the following code. For example, if I enter the address http://localhost:8080/Servlet1/MainFrame directly in the browser's address bar and press Enter, it will output: illegal intrusion

```java
package com.mx.view;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class MainFrame extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        // Referer is a request header, so it is read from the request object.
        String referer = request.getHeader("Referer");
        if (referer == null || !referer.startsWith("http://localhost:8080/Servlet1")) {
            // Missing or off-site Referer: redirect to the error page and stop,
            // so nothing else is written to the response.
            response.sendRedirect("/Servlet1/Error");
            return;
        }
        out.println("Legal view!");
        out.println("<h1>Login interface</h1>");
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }
}
```
The if statement checks whether the Referer is legal: if the Referer is empty, or it does not start with http://localhost:8080/Servlet1 (that is, the request did not come through a hyperlink in this site), the request is redirected to the Error page below. If the page is reached from within this site, access is allowed.
```java
package com.mx.view;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Error extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();

        // The message means "illegal intrusion".
        out.println("非法入侵");
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }
}
```
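
A stricter form of the Referer check in MainFrame, as an added example that is not part of the original page: it parses the header with java.net.URI and compares scheme, host, port and context path separately instead of matching a string prefix. The class name RefererCheck, its constants (built from the page's example URL) and the sample header values are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not from the original page: compares parsed URL parts
// instead of a raw string prefix.
public class RefererCheck {

    // Assumed site values, taken from the page's example URL.
    static final String SCHEME = "http";
    static final String HOST = "localhost";
    static final int PORT = 8080;
    static final String CONTEXT = "/Servlet1";

    /** True only if the Referer points inside this site's context path. */
    static boolean isSameSite(String referer) {
        if (referer == null || referer.isEmpty()) return false; // header absent
        URI uri;
        try {
            uri = new URI(referer).normalize(); // also collapses "../" segments
        } catch (URISyntaxException e) {
            return false; // malformed header value
        }
        String path = uri.getPath();
        // No parsable host, or an opaque URI without a path: reject.
        if (uri.getHost() == null || path == null) return false;
        boolean originOk = SCHEME.equalsIgnoreCase(uri.getScheme())
                && HOST.equalsIgnoreCase(uri.getHost())
                && uri.getPort() == PORT;
        // Require a path boundary so "/Servlet1Other" is not accepted.
        boolean pathOk = path.equals(CONTEXT) || path.startsWith(CONTEXT + "/");
        return originOk && pathOk;
    }

    public static void main(String[] args) {
        // Constructed sample header values.
        String[] samples = {
            "http://localhost:8080/Servlet1/Login",
            "http://localhost:8080/Servlet1Other/page",
            "http://localhost:8080/Servlet1/../Other/page",
            "http://example.net/Servlet1/",
            "not a url",
            null
        };
        for (String s : samples) {
            System.out.println(isSameSite(s) + "  " + s);
        }
    }
}
```

The Referer header is supplied by the client and may be omitted or altered, so this check deters hotlinking but is not a substitute for authentication.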

Attached Servlet1 project directory map:
