Reputation: 2667
Block direct access to url and allowing access by system only
I want to block access to a url from everything except for iis usr that requests the image.
So I have: www.myurl.com/somedirectory/myfile.ashx
I want only my requests from code behind to be able to access this file not users/bots/non-clients who can manually visit the file by going to the url.
Need to take into account that servers are load-balanced I am unsure if this will cause an issue.
How would I go about doing this.
Requested serverside:
HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(imageUrl);
httpRequest.Method = "GET";
httpRequest.UserAgent = "MobileQ.NET";
httpRequest.ContentType = "image/png";
response = httpRequest.GetResponse().GetResponseStream();
Upvotes: 2
Views: 2249
Answers (2)
Reputation: 23093
You can check in your myfile.ashx if the request is from localhost:
string client = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
if(client == "localhost" || client == "127.0.0.1" || client == "::1")
//DoWork
else
{
HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
}
Upvotes: 2
Reputation: 6277
IIS7 has request filtering built in which could help if you are using that version or up of course
http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering
Upvotes: 1
Related Questions
- How block specific page URL in IIS?
- How to restrict a website to get access to a specific path through IIS?
- Block website access using C#
- MVC 3, prevent people browsng on server through URL
- How do I restrict direct access to an ASP.NET web page?
- Restrict page access in IIS 6.0
- Hot to block access to page with defined URL in ASP.NET site on IIS except from one defined IP?
- Restrict access to a specific URL, running on IIS7 / ASP.NET
- How can I prevent the direct call of an URL in an ASP.NET / IIS environment?
- ASP.NET MVC: Restricting access using url