Reputation: 1275
Block URL's and Invalidate them
This is a valid url
URL1:
http://www.itsmywebsite.com/showproduct.aspx?id=127
http://www.itsmywebsite.com/browseproduct.aspx?catid=35
but this is not
URL2:
http://www.itsmywebsite.com/showproduct.aspx?id=-1%27
http://www.itsmywebsite.com/browseproduct.aspx?catid=-1%27
How can I block URL2 and the ones containing a string of format "-1%27" and invalidate the request. It's an automated bot sending this request so basically I want to just block the request in probably Global.asax? Please advise.
Upvotes: 0
Views: 134
Answers (2)
Reputation: 4101
Which version of iis are you using? If 7.0 or later use the URL rewrite module to reject invalid urls such as those ending in =-1
See an example blocking domains ( regex patterns ) here: http://www.hanselman.com/blog/BlockingImageHotlinkingLeechingAndEvilSploggersWithIISUrlRewrite.aspx
Upvotes: 0
Reputation: 74257
Well, those are both perfectly valid URLs. Your "URL2" is simply percent-encoded. Since 0x27 is an ASCII apostrophe, your percent-encoded URL2s are exactly the same as
http://www.itsmywebsite.com/showproduct.aspx?id=-1'http://www.itsmywebsite.com/browseproduct.aspx?catid=-1'
Perhaps your web page should be validating the data it receives on the query string and throwing an error.
Upvotes: 1
Related Questions
- How block specific page URL in IIS?
- Prevent user from entering URL in form
- Avoid user enter an invalid asp.net url
- Best Practice for denying/killing specific URL requests ASP.Net IIS 7.5
- IIS - block requests by URL pattern
- Prevent acess to by typing the URL
- Block direct access to url and allowing access by system only
- Hot to block access to page with defined URL in ASP.NET site on IIS except from one defined IP?
- Restrict access to a specific URL, running on IIS7 / ASP.NET
- How to validate incoming Urls?