Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to limit page access only to localhost?

Is there a way in asp.net to limit the access to a web page only from localhost?

like image 327
zirus Avatar asked Aug 09 '12 08:08

zirus


People also ask

Can someone else access my localhost?

localhost is a special hostname that almost always resolves to 127.0. 0.1. If you ask someone else to connect to http://localhost they'll be connecting to their computer instead or yours. To share your web server with someone else you'll need to find your IP address or your hostname and provide that to them instead.


2 Answers

     if (!HttpContext.Current.Request.IsLocal)
     { 
       Response.Status = "403 Forbidden";
       Response.End();
     }
like image 162
SilverlightFox Avatar answered Nov 04 '22 11:11

SilverlightFox


If you want to do this for a "web page" then I'd use IsLocal, but if you want a subdirectory solution I'd use Url Rewrite 2. http://www.microsoft.com/web/gallery/install.aspx?appid=urlrewrite2. If you don't have this installed already, go and get it as it's very useful. I believe it will be standard on IIS8.

Then add this to your web.config under <system.webServer/>

<rewrite>
 <rules>
    <!-- if this rule matches stopProcessing any further rules -->
    <rule name="Block Remote Access to Admin" stopProcessing="true" patternSyntax="ECMAScript" enabled="true">
      <!-- specify secure folder matching trailing / or $ == end of string-->
      <match url="projects(/|$)" ignoreCase="true" />
      <conditions logicalGrouping="MatchAll">
        <!-- Allow local host -->
        <add input="{REMOTE_ADDR}" pattern="localhost" ignoreCase="true" negate="true" />
        <add input="{REMOTE_ADDR}" pattern="127.0.0.1" negate="true" />
        <add input="{REMOTE_ADDR}" pattern="::1" negate="true" />
      </conditions>
      <!-- by default, deny all requests. Options here are "AbortRequest" (drop connection), "Redirect" to a 403 page, "CustomResponse", etc.  -->
      <action type="CustomResponse" statusCode="403" statusDescription="Forbidden" statusReason="Access to this URL is restricted"/>
      <!-- or send the caller to an error page, home page etc
           <action type="Redirect" url="/public/forbidden.htm" redirectType="Temporary" />
      -->
    </rule>
  </rules>
</rewrite>
like image 30
cirrus Avatar answered Nov 04 '22 10:11

cirrus