Is there a way in asp.net to limit the access to a web page only from localhost?
localhost is a special hostname that almost always resolves to 127.0. 0.1. If you ask someone else to connect to http://localhost they'll be connecting to their computer instead or yours. To share your web server with someone else you'll need to find your IP address or your hostname and provide that to them instead.
if (!HttpContext.Current.Request.IsLocal)
{
Response.Status = "403 Forbidden";
Response.End();
}
If you want to do this for a "web page" then I'd use IsLocal, but if you want a subdirectory solution I'd use Url Rewrite 2. http://www.microsoft.com/web/gallery/install.aspx?appid=urlrewrite2. If you don't have this installed already, go and get it as it's very useful. I believe it will be standard on IIS8.
Then add this to your web.config under <system.webServer/>
<rewrite>
<rules>
<!-- if this rule matches stopProcessing any further rules -->
<rule name="Block Remote Access to Admin" stopProcessing="true" patternSyntax="ECMAScript" enabled="true">
<!-- specify secure folder matching trailing / or $ == end of string-->
<match url="projects(/|$)" ignoreCase="true" />
<conditions logicalGrouping="MatchAll">
<!-- Allow local host -->
<add input="{REMOTE_ADDR}" pattern="localhost" ignoreCase="true" negate="true" />
<add input="{REMOTE_ADDR}" pattern="127.0.0.1" negate="true" />
<add input="{REMOTE_ADDR}" pattern="::1" negate="true" />
</conditions>
<!-- by default, deny all requests. Options here are "AbortRequest" (drop connection), "Redirect" to a 403 page, "CustomResponse", etc. -->
<action type="CustomResponse" statusCode="403" statusDescription="Forbidden" statusReason="Access to this URL is restricted"/>
<!-- or send the caller to an error page, home page etc
<action type="Redirect" url="/public/forbidden.htm" redirectType="Temporary" />
-->
</rule>
</rules>
</rewrite>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With