I need to capture all HTTP requests in a classic ASP application. I looked at Global.asa, but it doesn't have any event that fires for all HTTP requests. Please let me know if I can even do that. Thanks!
You write an ASP script (I call it "redirect.asp" for now) that does all the checks and redirects. Then you have some options:
1.) it in every existing .asp file
2.) Server.Execute "redirect.asp" before other code in every .asp file
3.) Make a rewrite rule, that redirects ALL requests to your redirect.asp
Yes, by writing a function global.asa and abandoning session before redirect did the trick!
Related
I have a website where a third party performs an HTTP post to a file - let's call it http://mywebsite/third-party-post.cfm (it's a ColdFusion website).
I want to move the code to a new file - let's call it http://mywebsite/third-party-post-new.cfm.
If I change the file attributes in IIS:
Will this pass the form fields for a POST action, or does a redirect like this work only for GET?
You cannot pass post parameters during the redirect. The web server actually makes a call back to the browser to ask it if it can move the page, the browser then resubmits a request to the URL the server is asking to move it to. This is I believe a 301 call to the browser.You never see this and it happens in milliseconds. When the redirect happens it will destroy any post parameters that were submitted in favor of the new request coming from your browser, the server will see it as a brand new request with no post data.
You will need to pass your data in some other way to the page, either through a GET request or a include of the script you wish to run on the old page.
you might be better off actually using a URL rewrite to change how the web server sees a request for that given page.
the apache script would look something like this
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^third-party-post.cfm /third-party-post-new.cfm [L,QSA]
The above code will take a request for the orignal page and translate it to a request for the new page. If will still maintain the original URL though but will display the new page.
IIS has a URLrewrite function you can utilize or if you are familiar with Htaccess and apache, you can use a Helicon Ape http://www.helicontech.com/ape/ to read htaccess files for your site.
See post https://stackoverflow.com/a/13628908/2482184. Although this question is about apache the same is true for IIS no matter which version you are using. There are many other options available to bypass this issue. One of them is to create the /third-party-post.cfm file and include the /third-party-post-new.cfm. You can even use a new HTML5 technique to change the url without refreshing the page (see http://spoiledmilk.com/blog/html5-changing-the-browser-url-without-refreshing-page/ ).
Is it possible to manipulate an inbound request at the IIS level, before it even gets assigned to site on the server?
Essentially, I want to rewrite this --
www.somegenericdomain.com?site=someotherdomain
To this --
www.someotherdomain.com
And I need to do this before IIS picks which site the request belongs to, so I need to change the host header prior to this point.
Possible, or crazy? We're running IIS7.
You can rewrite, redirect, or proxy requests.
Rewrite changes the request, but does not change the site to which it is assigned. With a rewrite you can:
return an HTTP error code (503, 404, 401, etc);
manipulate the query string or URL path. one example is to transform a query string param into a URL path element. www.server.com/default.aspx?s=foo becomes www.server.com/foo, or vice versa.
set headers in the request.
Redirect sends back a 301 or 302 response to the browser with an updated address. You can receive a request for www.example.com/foo and respond to the browser with a 302 and an updated address of www.otherdomain.com , etc.
Proxy the request. In this case the web server is said to act as a "transparent proxy". It means the initial IIS server can call out to a second server, grab the response, and then package it up back to the original requester.
These three actions are often done in combination. The tools used to perform these actions are called "URL Rewriters". IIS7 has a built-in option from Microsoft (The IIS URL Rewrite Module), and there are third-party options as well, some free and some commercial, for IIS6, IIS7, and other non-Windows web servers. Apache's mod_proxy is the big one for Linux. All of these tools do basically the same kinds of things.
To answer your specific question, NO, you cannot rewrite a request from one domain to another. For web servers, rewrite is a meaningful term, and a URL Rewrite excludes the possibility of a server change.
It is possible though, to transform a request from one server to another, either via redirect or proxy. One of those may actually be what you want, when you ask about "rewriting" a request.
I guess the whole thing is possible, but not in the way of running before IIS. One part of the server even works as a low-level driver.
But you may use URL rewriting solutions such as mod_rewrite module of Helicon Ape http://www.helicontech.com/ape/doc/mod_rewrite.htm. Having set the software globally for all the sites, you may get what you need as follows:
RewriteEngine on
RewriteCond %{HTTP_HOST} www.somegenericdomain.com [NC]
RewriteProxy (.*) http://www.someotherdomain.com$1
What I'm trying to achieve:
Intercept requests for .asp files using an asp.net application
then re-write the url to something search engine friendly
then pass the request onto the asp.dll to handle the request.
How Im trying to acheive it:
I'm trying to get intelligencia url re-writing working for a classic asp application by
changing the IIS mapping for the website so that .asp extensions are handled by an asp.net application.
The intelligencia asp.net url re-writer then rewrites the url.
The requested .asp page is then forwarded to the asp.dll for processing. Can this bit be done? Any ideas?
My limitations:
Shared hosting account so I can't install isapi filters on the server.
Does it sound like something that could be done by writing an HTTPModule?
I've considered 301 redirect instead but am concerned about google ranking problems.
A .NET HttpModule cannot forward requests to Classic ASP in II6 because of the way the pipeline works. By the time your .NET module executes, you are in the ASP.NET handler and cannot transfer to the ASP handler.
IIS7 has the Integrated Pipeline, which would allow you to have a .NET HttpModule re-write the request to the Classic ASP handler.
You could have a custom 404 handler that clears the 404 status from the response and does a Server.Transfer or Server.Execute your page. The only thing is that you can't pass querystring parameters, so you page would need to parse the request and pull out the variables by hand.
I use a modified version of Smart404 to handle SEO friendly urls, moved files, etc. They call the feature "virtual_aliases".
Is it possible on an IIS to redirect all files with the file extension .asp to one single file (i.e. switch.php, switch.cfm) and how?
Thx in advance for the upcoming solutions :)
EDIT:
version of IIS is "IIS 6.0"
Here’s a few different thoughts off the top of my head:
Use an ISAPI filter. Either write your own or use a commercial one like Helicon ISAPI Rewrite (the reverse proxy feature should be able to do this).
Add a global.asa file to the root of the site and Response.Redirect to the page you want in the Session_OnStart event (I think this event still fires if the requested page doesn’t actually exist but am not 100% sure). More info here.
Define a new 404 “File not found” page in IIS which loads a custom page with a redirect to your desired URL. You could do this with either client or server side script and make it conditional on the requested URL having a .asp extension so as not to catch genuine 404s for other file types.
I’d say option 1 is your “best practice” approach but option 3 would get you up and running very quickly. Good luck!
your going to want to look into "iis modrewrite" on google :)
lets you use regular expressions to define rules and you can set a global match to rewrite to 1 page
Supposing you have a form that collects and submits sensitive information and you want to ensure it is never accessed via insecure (non-HTTPS) means, how might you best go about enforcing that policy?
If you're running Apache, you can put a RewriteRule in your .htaccess, like so:
RewriteCond %{HTTPS} "off"
RewriteRule /mypage.html https://example.com/mypage.html
I think the most bullet-proof solution is to keep the code inside your SSL document root only. This will ensure that you (or another developer in the future) can't accidentally link to a non-secure version of the form. If you have the form on both HTTP and HTTPS, you might not even notice if the wrong one gets used inadvertently.
If this isn't doable, then I would take at least two precautions. Do the Apache URL rewriting, and have a check in your code to make sure the session is encrypted - check the HTTP headers.
Take a look at this: http://www.dotnetmonster.com/Uwe/Forum.aspx/asp-net/75369/Enforcing-https
Edit: This shows solutions from an IIS point of view, but you should be able to configure about any web server for this.
In IIS? Go to security settings and hit "Require secure connection". Alternately, you can check the server variables in page load and redirect to the secure page.
I'd suggest looking at the request in the code that renders the form, and if it is not using SSL, issue a redirect to the https URL.
You could also use a rewite rule in Apache to redirect the user.
Or, you could just not serve up the page via HTTP, and keep it only in the document root of your HTTPS site.