Re: Header Referrer-based Filtering
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 01/03/05
- Previous message: David Wang [Msft]: "Re: Page cannont be displayed ... Cannot find server or DNS error - I'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 2 Jan 2005 23:03:13 -0800
I'm th inking of coding together a sample for this and blog about it
sometime soon, so I'll reply with the entry's URL when I get that done.
The task is really not that hard and is pretty standard ISAPI Filter
stuff -- the complicated part is with the allow/reject algorithm and
determining scope of activity -- but that is all customizable code that you
should produce.
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Adam Baum" <AdamBaum@discussions.microsoft.com> wrote in message news:7101078D-128E-4FD2-8204-A95B7578C3C8@microsoft.com... This is for static content, a downloads system/folder. Basically I am looking for something to prevent file leeching from the server based on the referrer. If the referrer is one of our secondary servers then allow it, for all other referrers/leechers block content. I am not extremely familiar with the ISAPI filters, I have looked at the standard ones but nothing looked like it might work. Could somebody suggest one that might work in this instance? Thanks! "Ken Schaefer" wrote: > What type of pages are you running? If they are ASP or ASP.NET you can look > in the Request.ServerVariables() collection (for HTTP_Referer) to get the > referer value that was sent by the client. > > If these are just normal HTML (or other static content) you will probably > need to use an ISAPI filter. > > Cheers > Ken > > "Adam Baum" <Adam Baum@discussions.microsoft.com> wrote in message > news:2F7C1F70-5F8E-48C6-AE7F-0FE68AB05EBA@microsoft.com... > > Hello, > > > > I am running several websites on IIS5 w/ all patches and the LockDown > > Tool. > > With all but one website I am able to use either NTLM auth or IP filtering > > to > > secure and limit access to the sites. The last site is the problem. > > > > We have several off-site systems that provide services to remote clients. > > Occasionally these systems have to referrer the client to the webserver > > for > > data files. Since it is the client that is connecting to the webserver the > > IP > > is different each time so we cannot use IP filters and usernames and > > passwords cannnot be used as well. > > > > How do you configure IIS5 to scan the HTTP Request Header for the Referrer > > value and compare to a list of authorized users before allowing the > > traffic? > > The referrers are always static so I need to configure the ACL based on > > the > > referrer instead of the client ip. > > > > Article links and Suggestions will be much appreciated! > > > > Thanks! > > >
- Previous message: David Wang [Msft]: "Re: Page cannont be displayed ... Cannot find server or DNS error - I'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
