Solved

IIS referral

Posted on 2008-06-24
3
515 Views
Last Modified: 2008-09-17
I am using an IIS 7 Server and was wondering if there is a way to perform only allowed URL referrals in much the same way Apache does it.

I want to allow access to:
http://mydomain.com/page

Only from:
http://mydifferentdomain.com

If a user would hit the link directly http://mydomain.com/page it should not open, it should open only of referred by http://mydifferentdomain.com

The reason: mydifferentdomain.com is a portal that has users logon to and i have mydomain.com/page attached to it as an exclusive page (single sign on is not an option in my case at the moment).

Any input would be greatly appreciated.
Thanks.
0
Comment
Question by:vaworx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 21861151
Hi,

so long as you are aware that this is not a dependable way to secure web content ( it is easy enough to fake the http_referer to bypass that kind of 'security' ) then you need to consider a mechanism to use a custom IIS7 http module to implement that.

you would need to allow referrer from BOTH your "mydifferentdomain.com" AND "mydomain.com/page" for this scheme to work as expected.

our book "IIS Professional" published by wiley contains some sample code that implements such a scheme in both native and managed code.  I beleive that you can deownload the sample code from the web site:

http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470097825.html

cheers.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question