IIS - Handling redirection

Posted on 2013-10-12
Medium Priority
Last Modified: 2013-11-03
Can anyone advise on the following:

I have two IIS servers.

Server A.  IIS 7,5.    The user browses to a html page, can click on a button and browse to a second apsx page.

This second page contains a form with a post method.  The post is executed in the onLoad event.  So the page has a very short life!

The post is submitted to a isapi dll on Server B.

Server B. IIS 6.   The isapi dll runs.

My question is this: Is there anyway to make sure that the isapi dll on Server B only executes when it is stared by a post issued from ServerA
Question by:soozh
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39569360
I know in newer IIS you can do an ip restriction on a site, pretty sure iis6 has this capability also.
LVL 18

Accepted Solution

Emmanuel Adebayo earned 2000 total points
ID: 39569518
As aarontomosky as said, you can restrict IIS6 to accept connect only from the server that is running your on Server A via IP address or domain name.

1.Log on to the server running iis6.0 as an administrator or user with admin privilege
2.Click Start, select Programs, and then click Administrative Tools.
3.Click Internet Information Services.
4.3.In the left column you will see the Server Name, expand the Server Name and then Web Sites to find the site
5.Right-click on the Site and select Properties.
6.On the Directory Security Tab under IP Address and Domain Name Restrictions click Edit
You have two options, you can grant access to all computers and restrict individual IP’s or you can deny access to all computers and grant access to specific IP’s. By default, all users will be granted access to your site except the IP addresses you specify.
NOTE: If you use domain name restrictions, the server has to perform a reverse DNS lookup for each request to check the host's registered domain name. Microsoft recommends that you use an IP address or network range whenever you can.

Also, you can create an HTTP module which checks for incoming URL and based on extension you can take action, either to redirect the traffic to Server running iis7 or denied the connection.

Finally, you can place server running iis6 behind the firewall and configure your firewall for the server to only allow the traffic from server running iis7.


Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question