blocking domains from asp.net website

Question

0.00/5 (No votes)

See more:

I want to block a list of domains like abc.com, xyz.co.uk to access my asp.net website while browsing from a link from that domain or via any script on that domain. The desired result, it will give the 403 response to scripts that try and remotely access our website from a certain domain - or if it is accessed via a browser from a link from that domain.

I want to block domains not IPs because IPs may be dynamically changed.

I can use the referer header, but can't depend on it always being sent (or being correct)

Note: My ASP.NET website hosted on IIS 7.5.

Regards,
Habib

Posted 12-Jan-14 18:31pm

habibsatti

Updated 20-Jan-14 8:46am

fixthebugg

v2

Add a Solution

Comments

[no name] 20-Jan-14 14:47pm

Why do you want to do it ?

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Marco Bertschi · Answer 1 · 2014-01-20T21:31:00

Quote:
I can use the referer header, but can't depend on it always being sent (or being correct)

This is true. Apart from the header, you got nearly no chance to know which page the user visited previously. This is a basic idea of websites, and is not easy to be changed. You can pre-assume that most of the browsers will send the correct header, and use it to block the access.
If this isn't enough you can examine what cookies a web site places on the computer and then check whether these cookies do exist. I don't see any other approach apart from these possible solutions.

Just out of curiosity: Why do you need this feature?