Hi All,
I am using IIS 6.0 for ASP based website. This is an existing application and code was written to redirect pages to an error page when ever there is an error. Also after some operations the pages will be redirected to other pages.
When ever there is a URL redirection, in the address bar there next URL is displayed like ..
www.ourwebsite.com/Home.asp?NextURL=http://www.externalsite.com/
NextURL we are using for transferring to internal website pages. As this is currently exposed in the Address bar of browser, it can be redirected to any page user enters. This is a major security threat to the site.
What I want to know is whether there is any way we can avoid such URL redirections to external. If possible we want to do that in IIS level with out touching our existing code.
Thanks in Advance.
* posting this in IIS group as well, as this is related to IIS. Earlier this was posted to ASP group but no luck :(
Regds,
Sivakumar