Solved

IIS referral

Posted on 2008-06-24
3
519 Views
Last Modified: 2008-09-17
I am using an IIS 7 Server and was wondering if there is a way to perform only allowed URL referrals in much the same way Apache does it.

I want to allow access to:
http://mydomain.com/page

Only from:
http://mydifferentdomain.com

If a user would hit the link directly http://mydomain.com/page it should not open, it should open only of referred by http://mydifferentdomain.com

The reason: mydifferentdomain.com is a portal that has users logon to and i have mydomain.com/page attached to it as an exclusive page (single sign on is not an option in my case at the moment).

Any input would be greatly appreciated.
Thanks.
0
Comment
Question by:vaworx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 21861151
Hi,

so long as you are aware that this is not a dependable way to secure web content ( it is easy enough to fake the http_referer to bypass that kind of 'security' ) then you need to consider a mechanism to use a custom IIS7 http module to implement that.

you would need to allow referrer from BOTH your "mydifferentdomain.com" AND "mydomain.com/page" for this scheme to work as expected.

our book "IIS Professional" published by wiley contains some sample code that implements such a scheme in both native and managed code.  I beleive that you can deownload the sample code from the web site:

http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470097825.html

cheers.
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question