IIS: Let pass only allowed requests
How can i configure IIS so all requests are blocked except those that I allow?
So for example www.mypage.com is reachable and everything else is blocked except all requests starting with wwwroot
Allow:
www.mypage.com*
www.mypage.com/wwwroot/*
There are 2 options to do this
Option 1 - Using Request Filtering.
- Open IIS Manager.
- Select the Web Site.
- Double Click Request Filtering.
- In the Actions pane click on Deny Sequence and add the URL you want to block.
Downside of this approach is you need to add all the URLs that you want to block. I am not sure if we can add a regular expression here.
Option 2 - Using URL Rewrite (Preferable method)
- Install URL Rewrite from here
- Open IIS Manger and select the site you want to deny access and double click the URL Rewrite module
- On the right hand side in the actions pane click Add Rule(s)
- Select Request Blocking template in Inbound Rules. Set the values as below and click ok.This will add a URL Rewrite Rule
- What I am doing is adding a regular expression that matches everything but wwwroot.
With this anything other then wwwroot will be blocked. You can double click the Rule under URL-Rewrite and customize accordingly. Also make sure to disable the rule for static files/folders (.js,.css, images)
Reference - http://www.iis.net/learn/extensions/url-rewrite-module/request-blocking-rule-template
Hope this helps.
- What is the difference between SendAsync and SendMailAsync methods of SmtpClient?
- How to get the current logged in user ID in ASP.NET Core?
- Possible to Compile ASP.NET to Machine Code?
- How to unchecked RadioButton on ASP.NET/VB.NET
- How can I count a value of table records, using session variable?
- Facebook Graph API getting data when user not logged in
- Developing ASP.NET Facebook App Locally
- Use an assembly in an aspx page
- how to display none through code behind
- ASP.NET "special" tags
- Unable to utilize UrlHelper
- How do I avoid the status error after Http Headers sent?
- How do I loop through a PropertyCollection
- Why is my Blazor Web App throwing a SocketException when authenticating with OpenIddict when deployed to Azure App Service?
- Has an event handler already been added?
- td data is not coming in single line
- EF SaveChanges not saving and not throwing exception
- .Net test URL is valid?
- HtmlAgilityPack: How can I remove a tag from a node while I'm looping through the node collection?
- Unsupported Media Type http response when upload file using c# api.
- Parser Error Message: Could not load type 'sometype'
- A non-blocking socket operation could not be completed immediately
- How to attach a PDF generated using jsPDF to the mail using asp.net c#
- Automating finding compile errors in ASP.NET pages
- Compiling a 6GB site
- Is there C# compiler for Mac OS X?
- An error occured after adding the initial Migration while accessing the Microsoft.extension.hosting services
- Website in pure C#
- How do I interpret error codes from FrontPage Extensions?
- What is the use of Normalized Email & UserName in .NET core IdentityUser Model?