阻止来自asp.net网站的域名 [英] blocking domains from asp.net website
问题描述
我想阻止像abc.com,xyz.co.uk这样的域名列表访问我的asp.net网站,同时浏览来自该域名的链接或通过该域名上的任何脚本。所需的结果,它将给出尝试从某个域远程访问我们网站的脚本的403响应 - 或者如果通过浏览器从该域的链接访问它。
我想阻止域而不是IP,因为IP可以动态更改。
我可以使用referer头,但不能总是依赖它发送(或正确)
注意:我的ASP.NET网站托管在IIS 7.5上。
问候,
Habib
I want to block a list of domains like abc.com, xyz.co.uk to access my asp.net website while browsing from a link from that domain or via any script on that domain. The desired result, it will give the 403 response to scripts that try and remotely access our website from a certain domain - or if it is accessed via a browser from a link from that domain.
I want to block domains not IPs because IPs may be dynamically changed.
I can use the referer header, but can't depend on it always being sent (or being correct)
Note: My ASP.NET website hosted on IIS 7.5.
Regards,
Habib
推荐答案
我可以使用referer标题,但不能依赖它始终被发送(或正确)
I can use the referer header, but can't depend on it always being sent (or being correct)
这是真的。除了标题之外,您几乎没有机会知道用户之前访问过的页面。这是网站的基本概念,不容易改变。您可以预先假设大多数浏览器将发送正确的标头,并使用它来阻止访问。
如果这还不够,您可以检查网站在计算机上放置的cookie然后检查这些cookie是否存在。除了这些可能的解决方案,我没有看到任何其他方法。
出于好奇:你为什么需要这个功能?
This is true. Apart from the header, you got nearly no chance to know which page the user visited previously. This is a basic idea of websites, and is not easy to be changed. You can pre-assume that most of the browsers will send the correct header, and use it to block the access.
If this isn't enough you can examine what cookies a web site places on the computer and then check whether these cookies do exist. I don't see any other approach apart from these possible solutions.
Just out of curiosity: Why do you need this feature?
这篇关于阻止来自asp.net网站的域名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!