Helicon Tech : ISAPI_Rewrite 2.x (Forum Locked)
Topic: security question
ballmatic
Newbie


Joined: 30 January 2007
Posts: 20
Posted: 04 February 2012 at 2:45pm

We just got a new IP. And apparently it gets a lot of traffic for some reason. We have an SSL domain, so anytime somebody puts the IP in directly it'll pull up the site. We want them to ONLY be able to reach the site using the correct host headers for the website. You can do this in IIS, but not on domains on port 443 with an SSL certificate. So can we use ISAPI Rewrite to detect if they have the right host header otherwise 403 them? We also want to add the "www." if they don't have it. And we want to enforce https as well. Possible?
 
Anton
Admin Group


Joined: 30 January 2007
Location: Ukraine
Posts: 10519
Posted: 06 February 2012 at 7:41am

Yes, all you've listed is quite possible.
Please try it in the following way:

RewriteCond Host: (?!.*correctdomain\.com).*
RewriteRule .* /403.asp [RP]

RewriteCond Host: (?!www\..*).*correctdomain\.com
RewriteRule (.*) https\://www.correctdomain.com$1 [R]

RewriteCond %HTTPS off
RewriteCond Host: (?:www\.)?correctdomain\.com
RewriteRule (.*) https\://www.correctdomain.com$1 [R]



__________________
Regards,
Anton
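
Added example, not part of Anton's reply or Helicon's code: a Python model of the three rule groups above, for checking which Host values they deny, redirect or serve before deploying them. It assumes ISAPI_Rewrite 2.x matches each pattern against the whole header value and case-sensitively; `decide`, `strict_ok`, the `STRICT` pattern and the sample hosts are constructed for illustration.

```python
import re

# Patterns copied verbatim from the three rule groups in the reply above.
NOT_OUR_DOMAIN = r"(?!.*correctdomain\.com).*"
MISSING_WWW = r"(?!www\..*).*correctdomain\.com"
OUR_DOMAIN = r"(?:www\.)?correctdomain\.com"
CANONICAL = "https://www.correctdomain.com"

# Hypothetical stricter allow-list (not from the thread): exact names only,
# with an optional explicit :443 port.
STRICT = r"(?:www\.)?correctdomain\.com(?::443)?"


def decide(host, https, path="/"):
    """Action the rules take for one request, evaluated top to bottom.

    Assumption: each pattern must match the whole Host value, case-sensitively.
    """
    if re.fullmatch(NOT_OUR_DOMAIN, host):
        return "deny"  # rule 1 sends the client to /403.asp
    if re.fullmatch(MISSING_WWW, host):
        return "redirect " + CANONICAL + path
    if not https and re.fullmatch(OUR_DOMAIN, host):
        return "redirect " + CANONICAL + path
    return "serve"


def strict_ok(host):
    """True only for the exact host names the site is meant to answer on."""
    return re.fullmatch(STRICT, host) is not None


# Constructed sample requests: (Host header, arrived over HTTPS?)
SAMPLES = [
    ("203.0.113.10", True),                    # bare IP
    ("correctdomain.com", True),               # missing www.
    ("www.correctdomain.com", False),          # plain HTTP
    ("www.correctdomain.com", True),           # canonical
    ("correctdomain.com.example.net", True),   # name only contains the domain
    ("WWW.CORRECTDOMAIN.COM", True),           # same name, upper case
]

if __name__ == "__main__":
    for host, https in SAMPLES:
        print(f"{host:32} https={https!s:5} rules={decide(host, https):45} strict={strict_ok(host)}")
```

In this model a Host value that merely contains the domain name is served, while an upper-case spelling of the real name is denied; a host check anchored to the exact names and compared case-insensitively avoids both outcomes.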