Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

IIS referral

Posted on 2008-06-24
3
512 Views
Last Modified: 2008-09-17
I am using an IIS 7 Server and was wondering if there is a way to perform only allowed URL referrals in much the same way Apache does it.

I want to allow access to:
http://mydomain.com/page

Only from:
http://mydifferentdomain.com

If a user would hit the link directly http://mydomain.com/page it should not open, it should open only of referred by http://mydifferentdomain.com

The reason: mydifferentdomain.com is a portal that has users logon to and i have mydomain.com/page attached to it as an exclusive page (single sign on is not an option in my case at the moment).

Any input would be greatly appreciated.
Thanks.
0
Comment
Question by:vaworx
3 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 21861151
Hi,

so long as you are aware that this is not a dependable way to secure web content ( it is easy enough to fake the http_referer to bypass that kind of 'security' ) then you need to consider a mechanism to use a custom IIS7 http module to implement that.

you would need to allow referrer from BOTH your "mydifferentdomain.com" AND "mydomain.com/page" for this scheme to work as expected.

our book "IIS Professional" published by wiley contains some sample code that implements such a scheme in both native and managed code.  I beleive that you can deownload the sample code from the web site:

http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470097825.html

cheers.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question