Helicon Tech: security question

This forum has been moved here:
Helicon Tech Community Forum

Active Topics

Memberlist

Help

ISAPI_Rewrite 2.x ( Forum Locked)
Helicon Tech : ISAPI_Rewrite 2.x

Topic: security question

Author

Message

<< Prev Topic | Next Topic >>

ballmatic
Newbie
Newbie

Joined: 30 January 2007
Online Status: Offline
Posts: 20

Posted: 04 February 2012 at 2:45pm \| IP Logged

We just got a new IP. And apparently it gets a lot of traffic for some reason. We have a SSL domain, so anytime somebody puts the IP in directly it'll pull up the site. We want them to ONLY be able to reach the site using the correct host headers for the website. You can do this in IIS, but not on domains on port 443 with an SSL certificate. So can we use ISAPI Rewrite to detect if they have the right host header otherwise 403 them? We also want to add the "www." if they don't have it. And we want to enforce https as well. Possible?

Anton
Admin Group

Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 10520

Posted: 06 February 2012 at 7:41am \| IP Logged

Yes, all you've enlisted is quite possible.
Please try it in the following way:

RewriteCond Host: (?!.*correctdomain\.com).*
RewriteRule .* /403.asp [RP]

RewriteCond Host: (?!www\..*).*correctdomain\.com
RewriteRule (.*) https\://www.correctdomain.com$1 [R]

RewriteCond %HTTPS off
RewriteCond Host: (?:www\.)?correctdomain\.com
RewriteRule (.*) https\://www.correctdomain.com$1 [R]

__________________
Regards,
Anton

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum

This forum has been moved here: Helicon Tech Community Forum

This forum has been moved here:
Helicon Tech Community Forum