【Posted】: 2021-06-18 23:13:53
【Question】:
I have the following export-to-Excel code:
<%
Server.ScriptTimeout = 600
'Security check passed, proceed:
Dim conn, rs, sql, x, outlen
Set conn = Server.CreateObject("ADODB.Connection")
Set rs = Server.CreateObject("ADODB.Recordset")
sql = "exec " & Request.QueryString("sp") & " "
For t = 1 To Request.QueryString("p").Count
    'Escape single quotes for SQL:
    If t > 1 Then sql = sql & ", "
    sql = sql & "'" & Replace(Request.QueryString("p").Item(t), "'", "''") & "'"
Next
conn.CommandTimeout = 600
conn.Open strConnString_CyberAgent_WithProvider
rs.Open sql, conn
'Prepare the response:
Response.Buffer = True
Response.CacheControl = "Private"
Response.Expires = 0
Response.Clear
outlen = 0
'Prepare the message headers (Any subsequent response.writes will fall inside the file!)
Response.AddHeader "Content-Disposition", "attachment; filename=Export.xls"
Response.ContentType = "application/vnd.ms-excel"
'Output headers:
For x = 0 To rs.Fields.Count - 1
    If x > 0 Then
        Response.Write(chr(9))
        outlen = outlen + 1
    End If
    Response.Write(rs.Fields.Item(x).Name)
    outlen = outlen + len(rs.Fields.Item(x).Name)
Next
Response.Write(chr(13) & chr(10))
outlen = outlen + 2
'Loop through records:
Do While Not rs.EOF
    For x = 0 To rs.Fields.Count - 1
        If x > 0 Then
            Response.Write(chr(9))
            outlen = outlen + 1
        End If
        Response.Write(rs.Fields.Item(x).Value)
        if not(isnull(rs.Fields.Item(x).Value)) then outlen = outlen + len(rs.Fields.Item(x).Value)
    Next
    Response.Write(chr(13) & chr(10))
    outlen = outlen + 2
    rs.MoveNext
Loop
rs.Close
conn.Close
Set rs = Nothing
Set conn = Nothing
Response.AddHeader "Content-Length", outlen
'Flush the buffer, sending the user the file
Response.Flush
%>
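I can download the report normally, but to mitigate security vulnerabilities I use URL Rewrite in IIS to hide response headers such as the server name and ASP.NET version, by adding the following to my web.config: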
<rewrite>
    <outboundRules>
        <rule name="Remove Server">
            <match serverVariable="RESPONSE_SERVER" pattern=".+" />
            <action type="Rewrite" />
        </rule>
        <rule name="Remove Asp.Net Version">
            <match serverVariable="RESPONSE_X-ASPNET-VERSION" pattern=".+" />
            <action type="Rewrite" />
        </rule>
        <rule name="Remove Umbraco Version">
            <match serverVariable="RESPONSE_X-UMBRACO-VERSION" pattern=".+" negate="false" />
            <action type="Rewrite" />
        </rule>
    </outboundRules>
</rewrite>
<customHeaders>
    <remove name="Server" />
    <remove name="X-AspNet-Version" />
    <remove name="X-Powered-By" />
</customHeaders>
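The problem is that adding the rules to block the response headers makes the Excel file impossible to open after download. It throws an error, which makes me wonder whether there is any other way to block the response headers without interfering with the export process.
【Comments】: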
-
Can you tell me the error message?
-
@samwu It says the file cannot be opened. Unsupported Excel format. But when I revert my web.config changes, it opens normally.
Tags: asp.net iis url-rewriting httpresponse
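
A check that can be run on the export response before and after a header-stripping change, added here as an example and not part of the original question or its comments: it reports which of the headers named in the question are still sent, whether the declared Content-Length matches the body's byte count (the script derives it from len(), which counts characters), and whether every tab-separated row has the same number of columns. Both raw responses, the function names and the sample data are constructed for illustration.

```python
# Added example: audit an export response. Both sample responses are constructed.
FINGERPRINT_HEADERS = ("server", "x-aspnet-version", "x-powered-by", "x-umbraco-version")

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (lower-cased headers, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body

def audit_export(raw: bytes):
    """Return findings: leaked headers, length mismatch, ragged rows."""
    headers, body = parse_response(raw)
    findings = []
    for name in FINGERPRINT_HEADERS:
        if headers.get(name):  # present with a non-empty value
            findings.append(f"header still sent: {name}={headers[name]}")
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body):
        findings.append(f"Content-Length {declared} != body bytes {len(body)}")
    rows = [r for r in body.split(b"\r\n") if r]
    widths = sorted({r.count(b"\t") + 1 for r in rows})
    if len(widths) > 1:
        findings.append(f"inconsistent column counts: {widths}")
    return findings

# Constructed body: 21 characters, 23 bytes once encoded as UTF-8.
BODY = "Name\tCity\r\nZo\u00eb\tK\u00f6ln\r\n".encode("utf-8")

SAMPLE_BEFORE = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n"
                 b"X-Powered-By: ASP.NET\r\nContent-Type: application/vnd.ms-excel\r\n"
                 b"Content-Length: 21\r\n\r\n" + BODY)
SAMPLE_AFTER = (b"HTTP/1.1 200 OK\r\nServer:\r\n"
                b"Content-Type: application/vnd.ms-excel\r\n"
                b"Content-Length: 23\r\n\r\n" + BODY)

if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_export(raw) or "no findings")
```

To use it on a real download, save the full response including headers (for example with a proxy or a client that can dump raw responses) and pass the bytes to `audit_export`.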