如何阻止远程访问我的网站？ [英] How do I prevent remote access to my website?

问题描述

你好，



这可能很奇怪，我之前没有这样做过。我正在使用ASP.Net C＃创建一个Web应用程序，我需要阻止用户从WAN访问某些页面（例如http://www.mysite.com/lanOnlyPages.aspx）因为我们不能让用户远程执行某些操作。我们将IIS Web服务器放在办公室，我只希望那些目前在办公室的用户访问这些页面。当他们回到家并访问这些页面时，我不希望他们访问。这需要在我的应用程序内完成。



首先，我计划在数据库中保存Web服务器LAN IP，并比较客户端LAN IP的前3个部分。但服务器可以是192.168.1.xxx，客户端也可以是192.168.1.xxx，因此，它不起作用。我应该检查哪个IP

比较？或者有没有简单的方法来实现这个目标？



先谢谢了，

tslin

Hello,

This could be weird and I haven't done anything like this before. I am creating a web application with ASP.Net C# and I have a situation that I need to prevent users from accessing some pages from WAN (e.g. http://www.mysite.com/lanOnlyPages.aspx) because we can't let user to perform some operation remotely. We put our IIS web server at the office and I only want for those users who are currently at office to access those pages. When they go back home and access those pages, I don't want them to access. And this need to be done inside my application.

First I planned to save web server LAN IP in the database and compare 1st 3 parts of client LAN IP. But server can be 192.168.1.xxx and client can also be 192.168.1.xxx, so, it does not work. Which IP should I check to
compare? Or is there any easy way to achieve this?

Thanks in advanced,
tslin

推荐答案

这对我来说听起来不太安全。安全是安全的，它不应该取决于用户的位置。当访问安全敏感数据基于安全身份验证时，它会更好;如果有些人永久离开办公室（例如辞职），您可以撤销用户个人资料记录。但是，您决定。



您可以随时在所有HTTP请求中检查客户端IP： https://msdn.microsoft.com/en-us/library/system.web.httprequest.userhostaddress%28v= vs.110％29.aspx [ ^ ]。



根据IP，您可以看出用户发送的是请求办公室并给予此人额外的特权，在所有其他情况下拒绝他们。

-SA

It sounds bad safety practice to me. Safety is safety, it should not depend on location of the user. It's better when access to safety-sensitive data is based on secure authentication; if some people leave the office permanently (resign from work, for example), you can revoke the user profile record. However, you decide.

You can always checkup the client IP in all the HTTP requests: https://msdn.microsoft.com/en-us/library/system.web.httprequest.userhostaddress%28v=vs.110%29.aspx[^].

Based on the IP, you can figure out that the user sends the request from the office and give this person additional privileges, denying them in all other cases.

—SA

这篇关于如何阻止远程访问我的网站？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！