Disallow External Websites

44
Hi All,

I am using IIS 6.0 for an ASP-based website. This is an existing application, and the code was written to redirect pages to an error page whenever there is an error. Also, after some operations the pages will be redirected to other pages.

Whenever there is a URL redirection, the next URL is displayed in the address bar like:

www.ourwebsite.com/Home.asp?NextURL=http://www.externalsite.com/

We are using NextURL for transferring to internal website pages. As this is currently exposed in the address bar of the browser, it can be redirected to any page the user enters. This is a major security threat to the site.

What I want to know is whether there is any way we can avoid such URL redirections to external sites. If possible, we want to do that at the IIS level without touching our existing code.

Thanks in Advance.

* posting this in IIS group as well, as this is related to IIS. Earlier this was posted to ASP group but no luck :(

Regds,
Sivakumar
Apr 27 '08 #1
kenobewan
4,871 Expert 4TB
I believe that this is usually done through a proxy server not IIS. Alternatively deal with this in the application. HTH.

You need to choose which forum to post in and not both. Thanks.
Apr 28 '08 #2
siva538
44
Thanks Kenobewan for your reply!

Can you please explain in detail about the proxy implementation?

Using application code is the last resort of mine!

Yep I agree for that, but in the other forum I didn't get any inputs from the people.

Regds,
Sivakumar
Apr 28 '08 #3
kenobewan
4,871 Expert 4TB
Afraid my first assumption looks to be incorrect, I saw internal and assumed network.

So your least favoured may be your best option. Doesn't have to be complicated, but I want to understand the security threat. If they are redirected, what is the security threat? The risk appears to be the users if they enter another site in the URL. If there is no SQL then I see the risk as low.

Please let me know if I am barking up the wrong tree again :).
Apr 29 '08 #4
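
The application-level check suggested in the replies above, sketched in classic ASP VBScript as an added example that is not part of the original thread. It assumes every legitimate NextURL value is a site-relative path beginning with "/" (the thread does not say how internal targets are written); the function name IsLocalPath, the sample path in the comments and the 400 response are choices made for this example.

```vbscript
' Added example, not code from the thread. Intended for a shared include that
' runs before any redirect; assumes NextURL is always a site-relative path.
Function IsLocalPath(ByVal target)
    Dim i, code
    IsLocalPath = False

    ' Empty or missing value: nothing to redirect to.
    If Len(target) = 0 Then Exit Function

    ' Only site-relative paths (constructed sample: "/Orders.asp?id=1").
    ' This rejects absolute URLs such as "http://www.externalsite.com/"
    ' and any other scheme, because they do not start with "/".
    If Left(target, 1) <> "/" Then Exit Function

    ' "//host/path" is scheme-relative and leaves the site.
    If Left(target, 2) = "//" Then Exit Function

    ' Browsers normalise "\" to "/", so "/\host" behaves like "//host".
    If InStr(target, "\") > 0 Then Exit Function

    ' Control characters: CR/LF allow header splitting, and browsers strip
    ' tabs and newlines from URLs before parsing them.
    For i = 1 To Len(target)
        code = AscW(Mid(target, i, 1))
        If (code >= 0 And code < 32) Or code = 127 Then Exit Function
    Next

    IsLocalPath = True
End Function

Dim nextUrl
nextUrl = Request.QueryString("NextURL")   ' value is already URL-decoded by ASP

If Len(nextUrl) > 0 Then
    If IsLocalPath(nextUrl) Then
        Response.Redirect nextUrl
    Else
        ' Refuse the request instead of redirecting off-site.
        Response.Status = "400 Bad Request"
        Response.End
    End If
End If
```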
