Solved

IIS referral

Posted on 2008-06-24
3
503 Views
Last Modified: 2008-09-17
I am using an IIS 7 Server and was wondering if there is a way to perform only allowed URL referrals in much the same way Apache does it.

I want to allow access to:
http://mydomain.com/page

Only from:
http://mydifferentdomain.com

If a user would hit the link directly http://mydomain.com/page it should not open, it should open only of referred by http://mydifferentdomain.com

The reason: mydifferentdomain.com is a portal that has users logon to and i have mydomain.com/page attached to it as an exclusive page (single sign on is not an option in my case at the moment).

Any input would be greatly appreciated.
Thanks.
0
Comment
Question by:vaworx
3 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 21861151
Hi,

so long as you are aware that this is not a dependable way to secure web content ( it is easy enough to fake the http_referer to bypass that kind of 'security' ) then you need to consider a mechanism to use a custom IIS7 http module to implement that.

you would need to allow referrer from BOTH your "mydifferentdomain.com" AND "mydomain.com/page" for this scheme to work as expected.

our book "IIS Professional" published by wiley contains some sample code that implements such a scheme in both native and managed code.  I beleive that you can deownload the sample code from the web site:

http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470097825.html

cheers.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now