Re: Header Referrer-based Filtering
From: Craig Humphrey (CraigHumphreyHatesSpam_at_newsgroup.nospam)
Date: 12/21/04
- Previous message: Howard Hartman: "Re: Password protect directory"
- In reply to: Adam Baum: "Header Referrer-based Filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Dec 2004 12:26:46 +1300
Yeah, an ISAPI filter is what you need.
Check out the custom authentication one, you should be able to modify that
to work for you.
The catch.... the referrer value can be forged...
Hope that helps.
Later'ish
Craig
"Adam Baum" <Adam Baum@discussions.microsoft.com> wrote in message
news:2F7C1F70-5F8E-48C6-AE7F-0FE68AB05EBA@microsoft.com...
> Hello,
>
> I am running several websites on IIS5 w/ all patches and the LockDown
Tool.
> With all but one website I am able to use either NTLM auth or IP filtering
to
> secure and limit access to the sites. The last site is the problem.
>
> We have several off-site systems that provide services to remote clients.
> Occasionally these systems have to referrer the client to the webserver
for
> data files. Since it is the client that is connecting to the webserver the
IP
> is different each time so we cannot use IP filters and usernames and
> passwords cannnot be used as well.
>
> How do you configure IIS5 to scan the HTTP Request Header for the Referrer
> value and compare to a list of authorized users before allowing the
traffic?
> The referrers are always static so I need to configure the ACL based on
the
> referrer instead of the client ip.
>
> Article links and Suggestions will be much appreciated!
>
> Thanks!
- Previous message: Howard Hartman: "Re: Password protect directory"
- In reply to: Adam Baum: "Header Referrer-based Filtering"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
