Reputation: 51947
Is localhost safe to check as a security condition
I have an HttpHandler that does something but I want don't want it to run when running on my local machine. For now, I simply comment out the handler in the web.config file when I'm running the site in Visual Studio, and uncomment it when I deploy the site: cumbersome. I want to add a condition to check if the site is running on my local machine like this:
public void ProcessRequest(HttpContext context)
{
if (context.Current.Request.Url.Host != "localhost") { DoSomething(); }
}
Is this safe or is it possible that when I deploy the condition will not trigger?
Upvotes: 0
Views: 176
Answers (2)
Reputation: 151604
You can also check Request.IsLocal.
Whether checking for local(host) works depends on the rest of your setup, for example when it is called by a site or proxy on the same machine that can cause the request to appear to come from the same machine, though it actually is external.
For now, I simply comment out the handler in the web.config
It sounds like you could use a configuration transform instead, so the handler doesn't get included in deploy builds.
Upvotes: 1
Reputation: 124726
Instead I'd recommend you use:
HttpContext.Current.Request.IsLocal
Upvotes: 2
Related Questions
- asp.net check if using local host
- Determine if ASP.NET application is running locally
- How to check if localhost
- Detecting Request from Localhost in C#
- How to limit page access only to localhost?
- Localhost and request.Url.Authority
- ASP.NET - Telling the difference between localhost and 127.0.0.1
- C# directive for code to run only when working on localhost
- How to check a request is from local host with ASP.NET technic
- How can you tell if an an ASP.NET request is remote or from localhost?