
参考:http://blog.csdn.net/mngzilin/article/details/4959759

在 Global.asax 文件中添加如下代码（注意：这类基于黑名单的过滤只能作为辅助措施，无法替代参数化 SQL 与输出编码；另外下文 URL 过滤会把每个查询参数截断为开头的数字，仅适用于参数全是数字 id 的站点）:

  1.      void Application_BeginRequest(object sender, EventArgs e)    {
  2.         //遍历Post参数,隐藏域除外
  3.         if (Regex.IsMatch(Request.RawUrl.ToLower(), @"/manager/")==false)
  4.             for (int i=0; i < Request.Form.Count;i++)
  5.             {
  6.                 if (Request.Form[i].ToString() == "__VIEWSTATE") continue;
  7.                 if (IsDanger(Request.Form[i].ToString()))
  8.                 {
  9.                     Response.Write("您提交的内容中含有非法字符,已经被拒绝.");
  10.                     Response.End();
  11.                 }            }
  12.         //过滤所有Url中的危险字符串
  13.         if (Request.QueryString.Count > 0 && Regex.IsMatch(Request.RawUrl.ToLower(), @"/.aspx") == true && Regex.IsMatch(Request.RawUrl.ToLower(), @"fckeditor") == false)//如果防止截获fckeditor正常的Url,必须验证".aspx"
  14.         {
  15.             string Temp = "";
  16.             //string Url = Request.Url.AbsoluteUri.Substring(0, Request.Url.AbsoluteUri.LastIndexOf("?"));
  17.             string Url = Request.RawUrl.Substring(0, Request.RawUrl.LastIndexOf("?"));
  18.             for (int i = 0; i < this.Request.QueryString.Count; i++)
  19.             {
  20.                 try
  21.                 {
  22.                     Temp = HandleRequestParam(this.Request.QueryString[i].ToString());
  23.                     Url += i == 0 ? "?" : "&";
  24.                     Url += Request.QueryString.Keys[i].ToString() + "=" + Temp;
  25.                 }
  26.                 catch { }
  27.             }
  28.             //if (Url.Length < Request.Url.AbsoluteUri.Length)
  29.             //    Response.Redirect(Url);
  30.             Context.RewritePath(Url);//可以用Response.Redirect和Context.RewritePath
  31.         }        //全站防止页面缓存
  32.         Response.Buffer = true;
  33.         Response.ExpiresAbsolute = DateTime.Now.AddSeconds(-1);
  34.         Response.Expires = 0;
  35.         Response.CacheControl = "no-cache";
  36.     }    protected string HandleRequestParam(string str)
  37.     {
  38.         string RetStr = "";
  39.         char[] strC = str.ToLower().ToCharArray();
  40.         for (int i = 0; i < strC.Length; i++)
  41.         {
  42.             if (Convert.ToInt32(strC[i]) >= 48 && Convert.ToInt32(strC[i]) <= 57)
  43.                 RetStr += strC[i].ToString();
  44.             else
  45.                 break;
  46.         }
  47.         return RetStr;
  48.     }    protected bool IsDanger(string InText)
  49.     {
  50.         string word = @"exec|insert|select|delete|update|master|truncate|char|declare|join|iframe|href|script|<|>|request";
  51.         if (InText == null)
  52.             return false;
  53.         if (Regex.IsMatch(InText,word))
  54.             return true;
  55.         return false;
  56.     }