Protect ASP database reports online

Posted on 2005-04-10
Last Modified: 2013-12-24
I use ASP pages to report database in Frontpage 2003 for lacrosse camps, clinics, etc.  The ASP pages contain names, addresses and payment info.  Google has indexed some of these report pages containing such information.

How do i reliably protect the ASP reports from being indexed by search engines or found by casual users?  I have tried putting them in a _directory, but then the ASP doesn't work.

Thank you.
Question by:flwebster
    LVL 9

    Accepted Solution

    Create a robots.txt file to exclude the folder from search engines.


    Add a NOINDEX meta tag to the pages you want to be hidden.

    I don't know what you mean by "found by casual users".  If you don't password protect a page it is, technically, available for viewing by anyone.
    LVL 14

    Expert Comment


    I think that you pages have been indexed because you send data via hyperlinks.  If you send the data between pages using Sessions your pages won't be indexed. Or at least add a code on the pages that you want to protect to check the http_referer.  This code will check if the page is coming through a certain page,  if yes then display otherwise redirect to that page.

    You can put something like this at the top of the ASP page,  before the first <html>

    Dim HTTP_Referer

    HTTP_Referer = Request.ServerVariables("HTTP_Referer")

    If HTTP_Referer <> "logon.asp" Then
    Response.Redirect "logon.asp"
    End If

    You can also put a full address instead of "login.asp" only:

    if HTTP_Referer <> "" then

    So if you have a page that generates the information and another to display the info, this code will force the user to go back to the generating page.  Let's say that you have GenerateInfo.asp and DisplayInfo.asp.  You have info about a customer generated in GenerateInfo.asp  when you submit it opens DisplayInfo.asp.  Now, the DisplayInfo.asp in the URL will be like:

    If you type the above address directly or save it in the favorites it will not open because the HTTP_Referer code will sense that the user did not come through the GenerateInfo.asp page.  Here the code will return the user to the Generating page.


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    In this short web based tutorial, I wanted to show users how they can still use the powers of FrontPage in conjunction with Expression Web 3.  Even though Microsoft eliminated the use of Web components, we can still use them with FrontPage and edit …
    When setting up new project requests for our site, one of the most powerful tools our team has available to use is Axure ( It’s a tool for creating software and web prototypes that can function and interact as if it were the a…
    The purpose of this video is to demonstrate how to properly insert a Vimeo Video into a WordPress site or Blog. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following:…
    The purpose of this video is to demonstrate how to insert an Iframe into WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: : Open Page or Post…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now