Attached you will find a very simple module that checks whether the
Referer header is set to the same host as the request. Register it with
the following web.config configuration:

<httpModules>
  <add name="HttpRefererModule" type="AjaxPro.HttpRefererModule,App_Code"/>
</httpModules>

Note: change App_Code to the name of your assembly. I will include
this in future versions of Ajax.NET Professional.

Regards,
Michael




On 6/12/06, Jon Ceanfaglione <[EMAIL PROTECTED]> wrote:
>
> yes!
>
> On 6/12/06, Michael Schwarz <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > I have developed an HttpRefererModule which will only allow requests
> > that have the same HttpReferer host as the configured sitename. If
> > you are interested let me know...
> >
> > --
> > Best regards | Schöne Grüße
> > Michael
> >
> > Microsoft MVP - Most Valuable Professional
> > Microsoft MCAD - Certified Application Developer
> >
> > http://weblogs.asp.net/mschwarz/
> > http://www.schwarz-interactive.de/
> > mailto:[EMAIL PROTECTED]
> >
> > >
> >
>
> >
>


-- 
Best regards | Schöne Grüße
Michael

Microsoft MVP - Most Valuable Professional
Microsoft MCAD - Certified Application Developer

http://weblogs.asp.net/mschwarz/
http://www.schwarz-interactive.de/
mailto:[EMAIL PROTECTED]


/*
 * MS   06-06-12        initial version
 * 
 * 
 */
using System;
using System.IO;
using System.Text;
using System.Web;

namespace AjaxPro
{
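        /// <summary>
        /// HTTP module that rejects requests to the Ajax.NET handler path unless
        /// the Referer header names the same host as the request URL.
        /// </summary>
        /// <remarks>
        /// Register the module under httpModules in web.config with a type
        /// attribute that names this class (AjaxPro.AjaxRequestModule) and the
        /// assembly that contains it.
        ///
        /// Limits of the check, as implemented here:
        /// - Requests that carry no Referer header are rejected, so clients or
        ///   proxies that strip the header cannot call the handler.
        /// - Only the host is compared; scheme and port are not.
        /// - The Referer header is supplied by the client. The check narrows
        ///   cross-site calls made through a browser; it is not authentication
        ///   and should not be the only protection on state-changing methods.
        /// - NOTE(review): behind a reverse proxy that rewrites the Host header,
        ///   Request.Url.Host may differ from the public host name; confirm for
        ///   the deployment.
        /// </remarks>
        public class AjaxRequestModule : IHttpModule
        {
                public AjaxRequestModule()
                {
                }

                #region IHttpModule Members

                /// <summary>Nothing to release; the module holds no resources.</summary>
                void IHttpModule.Dispose()
                {
                }

                /// <summary>Subscribes the referer check to every incoming request.</summary>
                /// <param name="context">The application whose BeginRequest event is hooked.</param>
                void IHttpModule.Init(HttpApplication context)
                {
                        context.BeginRequest += new EventHandler(this.context_BeginRequest);
                }

                #endregion

                /// <summary>
                /// Lets requests outside the Ajax.NET handler path through untouched and
                /// denies handler requests whose Referer is missing or names another host.
                /// </summary>
                /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
                /// <param name="e">Unused.</param>
                /// <exception cref="HttpException">
                /// Thrown with status 500 and the message "Access denied." when the
                /// referer check fails.
                /// </exception>
                void context_BeginRequest(object sender, EventArgs e)
                {
                        HttpApplication app = (HttpApplication)sender;
                        HttpRequest request = app.Request;

                        string appPath = request.ApplicationPath;
                        string handlerPrefix = (appPath == "/" ? appPath : appPath + "/") + Utility.HandlerPath;

                        // Compare case-insensitively on both sides. Lower-casing only the URL
                        // would make an application path containing upper-case characters
                        // never match, and the referer check would then be skipped silently.
                        // Ordinal comparison also avoids culture-dependent case mapping.
                        if (!request.RawUrl.StartsWith(handlerPrefix, StringComparison.OrdinalIgnoreCase))
                                return;

                        Uri referrer = request.UrlReferrer;

                        // Fail closed: a missing Referer is treated the same as a foreign one.
                        if (referrer == null
                                || !string.Equals(referrer.Host, request.Url.Host, StringComparison.OrdinalIgnoreCase))
                        {
                                // Status 500 is kept so existing clients see the same response;
                                // 403 would describe the refusal more accurately.
                                throw new HttpException(500, "Access denied.");
                        }
                }
        }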
}
