阻止来自asp.net网站的域名 [英] blocking domains from asp.net website

问题描述

我想阻止像abc.com，xyz.co.uk这样的域名列表访问我的asp.net网站，同时浏览来自该域名的链接或通过该域名上的任何脚本。所需的结果，它将给出尝试从某个域远程访问我们网站的脚本的403响应 - 或者如果通过浏览器从该域的链接访问它。



我想阻止域而不是IP，因为IP可以动态更改。



我可以使用referer头，但不能总是依赖它发送（或正确）



注意：我的ASP.NET网站托管在IIS 7.5上。



问候，

Habib

I want to block a list of domains like abc.com, xyz.co.uk to access my asp.net website while browsing from a link from that domain or via any script on that domain. The desired result, it will give the 403 response to scripts that try and remotely access our website from a certain domain - or if it is accessed via a browser from a link from that domain.

I want to block domains not IPs because IPs may be dynamically changed.

I can use the referer header, but can't depend on it always being sent (or being correct)

Note: My ASP.NET website hosted on IIS 7.5.

Regards,
Habib

推荐答案

Quote：

我可以使用referer标题，但不能依赖它始终被发送（或正确）

I can use the referer header, but can't depend on it always being sent (or being correct)

这是真的。除了标题之外，您几乎没有机会知道用户之前访问过的页面。这是网站的基本概念，不容易改变。您可以预先假设大多数浏览器将发送正确的标头，并使用它来阻止访问。

如果这还不够，您可以检查网站在计算机上放置的cookie然后检查这些cookie是否存在。除了这些可能的解决方案，我没有看到任何其他方法。



出于好奇：你为什么需要这个功能？

This is true. Apart from the header, you got nearly no chance to know which page the user visited previously. This is a basic idea of websites, and is not easy to be changed. You can pre-assume that most of the browsers will send the correct header, and use it to block the access.
If this isn't enough you can examine what cookies a web site places on the computer and then check whether these cookies do exist. I don't see any other approach apart from these possible solutions.

Just out of curiosity: Why do you need this feature?

这篇关于阻止来自asp.net网站的域名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！