' Name: Protect your Client Side Script ' with ASP v1.1 ' Description:This code will allow you t ' o use ASP to check that the request for ' your JavaScript and VBScript is a "real" ' request or just someone trying to steal ' your code. If the request.servervariable ' s("HTTP_REFERER") returns a page from yo ' ur site then your return the JavaScript ' if request.servervariables("HTTP_REFERER ' ") doesn't return a page from your site ' you return an appropriate response of yo ' ur own. ' Inputs:This is the basic idea laid out ' for you to examine. You will still have ' to do a little work to integrate it in t ' o your site but it isn't much more than ' copy and paste. The Input Request.ServerVariables("HTTP_REFERER") which Is automatically sent by the browser. ' ' Returns:Will return the JavaScript or ' VBScript if appropriate, if not a messag ' e to the user. ' ' Side Effects:It doesn't seem to work o ' n Netscape without setting up IIS to par ' se .js files like it does .asp. The user ' can still open the file from the user's ' cache unless you include: <% Response.Expires = 60 Response.ExpiresAbsolute = Now() - 1 Response.AddHeader "pragma","no-cache" Response.AddHeader "cache-control","private" Response.CacheControl = "no-cache" %> At the top of the protected JavaScript file. This Is stop the browser from saving a Local copy of the file. ' Use the line below In place of your normal JavaScript include line. Use the code below In place of your normal JavaScript .JS file. It must be saved As a .ASP file Or it will Not work. Actually, you can Set IIS server To read .js files just like it does .asp files. This Is a good idea To hide your protection scheme For any users who are trying bypass it. Then you could save it As a .js file. If you Do this a lot more people will be stumped. Of course you could just As easily protect your vbscript With the technique too. <% ' This is to force file to open save as ' dialog box and not open in user's browse ' r ' It would be even safer to have it as " ' badtype/badtype" instead of "text/javasc ' ript" Response.ContentType = "text/javascript" ' Set the line below to the page that wi ' ll be granted acess to the file ' You could change the test to allow all ' pages on your site access, etc. If (Request.ServerVariables("HTTP_REFERER") = "http://www.mysite.com/myfolder/mypage.asp") Then %> /* This Is where you put the real JavaScript that you want To run */ document.write(" ACCESS GRANTED @ <%=time%>
"); document.write(" request.servervariables("HTTP_REFERER") = "<%=Request.ServerVariables("HTTP_REFERER")%>""); <% Else %> /* This Is where you put the message you want users To see In place of your real JavaScript */ /* I wouldn't use the bottom line since it will give away your protection scheme and help */ /* users find a way To break it */ No soup For you. Request.ServerVariables("HTTP_REFERER") = "<%=request.servervariables("HTTP_REFERER")%>" <% End If %>