• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 146
  • Last Modified:

Protect ASP database reports online

I use ASP pages to report database in Frontpage 2003 for lacrosse camps, clinics, etc.  The ASP pages contain names, addresses and payment info.  Google has indexed some of these report pages containing such information.

How do i reliably protect the ASP reports from being indexed by search engines or found by casual users?  I have tried putting them in a _directory, but then the ASP doesn't work.

Thank you.
1 Solution
Create a robots.txt file to exclude the folder from search engines.


Add a NOINDEX meta tag to the pages you want to be hidden.

I don't know what you mean by "found by casual users".  If you don't password protect a page it is, technically, available for viewing by anyone.

I think that you pages have been indexed because you send data via hyperlinks.  If you send the data between pages using Sessions your pages won't be indexed. Or at least add a code on the pages that you want to protect to check the http_referer.  This code will check if the page is coming through a certain page,  if yes then display otherwise redirect to that page.

You can put something like this at the top of the ASP page,  before the first <html>

Dim HTTP_Referer

HTTP_Referer = Request.ServerVariables("HTTP_Referer")

If HTTP_Referer <> "logon.asp" Then
Response.Redirect "logon.asp"
End If

You can also put a full address instead of "login.asp" only:

if HTTP_Referer <> "http://www.website.com/login.asp" then

So if you have a page that generates the information and another to display the info, this code will force the user to go back to the generating page.  Let's say that you have GenerateInfo.asp and DisplayInfo.asp.  You have info about a customer generated in GenerateInfo.asp  when you submit it opens DisplayInfo.asp.  Now, the DisplayInfo.asp in the URL will be like:


If you type the above address directly or save it in the favorites it will not open because the HTTP_Referer code will sense that the user did not come through the GenerateInfo.asp page.  Here the code will return the user to the Generating page.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now