• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 541
  • Last Modified:

IIS referral

I am using an IIS 7 Server and was wondering if there is a way to perform only allowed URL referrals in much the same way Apache does it.

I want to allow access to:

Only from:

If a user would hit the link directly http://mydomain.com/page it should not open, it should open only of referred by http://mydifferentdomain.com

The reason: mydifferentdomain.com is a portal that has users logon to and i have mydomain.com/page attached to it as an exclusive page (single sign on is not an option in my case at the moment).

Any input would be greatly appreciated.
1 Solution

so long as you are aware that this is not a dependable way to secure web content ( it is easy enough to fake the http_referer to bypass that kind of 'security' ) then you need to consider a mechanism to use a custom IIS7 http module to implement that.

you would need to allow referrer from BOTH your "mydifferentdomain.com" AND "mydomain.com/page" for this scheme to work as expected.

our book "IIS Professional" published by wiley contains some sample code that implements such a scheme in both native and managed code.  I beleive that you can deownload the sample code from the web site:


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now