IIS7 - restricting http delivery only if from specific site [Answered]RSS

5 replies

Last post Sep 08, 2010 09:33 AM by Leo Tang - MSFT

  • IIS7 - restricting http delivery only if from specific site

    Sep 02, 2010 09:18 AM|repomanz|LINK

    Hi everyone.

     

    New to the site and new to IIS for the most part.  I need some help configuring my IIS7 setup.  The problem that I have is the follows:

     

    User logs into site A (https://siteA).  Within this site, there is a training link that directs them to site B (http://siteB).  Due to the nature of the training, it will be open via firewall for both internal and external visitors.  Because site B will be open via firewall, that means someone could randomly hit my training URL.  External users are not tied into my corporate LDAP system either.

    Is there some kind of referer configuration i can put on my site B IIS7 configuration that would only serve content IF the traffic was redirected from site A?

     

     

  • Re: IIS7 - restricting http delivery only if from specific site

    Sep 03, 2010 02:09 AM|HostingASPNet|LINK

    Hello,

    No, but you could get the HTTP referrer with ASP.NET code and check it before serve the siteB content.

    Regards

    WindowsHostingASP.NET - My favourite site for Windows and IIS hosting information.
    HowtoASP.NET - Free ASP.NET tutorials and source code.
  • Re: IIS7 - restricting http delivery only if from specific site

    Sep 03, 2010 03:20 AM|kctt|LINK

     I agree, some coding is required to do the job.

  • Re: IIS7 - restricting http delivery only if from specific site

    Sep 06, 2010 11:43 PM|Leo Tang - MSFT|LINK

    Hi,

    You can also capture the HTTP Referer by using URL Rewrite Module. The rule looks like:

            <rewrite>
                <rules>
                    <rule name="PreventRandomHit" stopProcessing="true">
                        <match url=".*" />
                        <conditions>
                            <add input="{HTTP_REFERER}" pattern="^https://siteA/.*$" negate="true" />
                        </conditions>
                        <action type="AbortRequest" />
                    </rule>
                </rules>
            </rewrite>

    You can modify the pattern in "<match url=".*" />" , in case any request wasn't redirected form siteA will be aborted.

    URL Rewrite Module
    http://learn.iis.net/page.aspx/734/url-rewrite-module/

    Thanks.

    Please mark the replies as answers if they help or unmark if not.
    Feedback to us


  • Re: IIS7 - restricting http delivery only if from specific site

    Sep 07, 2010 11:19 AM|repomanz|LINK

     Leo,

     

    Thank you for this information.  Is there source code available for this module?  

  • Re: IIS7 - restricting http delivery only if from specific site

    Sep 08, 2010 09:33 AM|Leo Tang - MSFT|LINK

    Hi,

    You can download IIS Rewrite Module from here:

    http://www.iis.net/download/URLRewrite

    Is there any reason you need the source code of this module? If you want to customize the rewrite behavior, you can write your own rewrite provider.

    Developing a Custom Rewrite Provider for URL Rewrite Module

    http://learn.iis.net/page.aspx/804/developing-a-custom-rewrite-provider-for-url-rewrite-module/

    Thanks.

    Please mark the replies as answers if they help or unmark if not.
    Feedback to us