开发者

How to IP whitelist for a single URL in IIS

I have an ASP.NET application that's made up of several .aspx pages. I want one of those .aspx pages to be accessible by only a certain set of IP开发者_StackOverflows. Is this possible?

I know you can IP whitelist at the website level, but can you IP whitelist for a single URL in an application?


The following resource demonstrates how to detect the client IP in ASP.NET:

http://bytes.com/topic/asp-classic/answers/439176-how-get-clients-ip-address-asp-net

Once you have the IP, load your whitelist from the storage mechanism of your choice, perhaps during an Init event (if in a page), and if the IP fails to match, respond like so (Use HttpContext.Current.Response if not in a page:

if (!mySafeIpList.Contains(clientIP))
{
    Response.Clear()
    Response.StatusCode = (int)HttpStatusCode.Unauthorized
    Response.End()
}

Or, just simply redirect to a valid page:

Response.Redirect("~/Head-Fake.aspx")

I hope this helps.


Unfortunately, I'm pretty sure you can't do it for a single page via IIS (seek Serverfault.com for more details if you want verification), but if you wanted to do it programmatically, you could hook Application_BeginRequest in your global.asax file. Check the request URL and the request IP address against your restrictions, and only allow the request to continue if they pass.


You can always check Request.ServerVariables["REMOTE_HOST"] against your own white list within your app.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜