Since I am using a host header filtering technique in my ASP.NET MVC application, I would like to prevent users from browsing directly to the IP address of my site, and force them to use the FQDN. Is this possible?
I see similar SO question here with no answer
You can do this with Bindings in IIS (assuming you're using IIS): https://technet.microsoft.com/en-us/library/cc731692(v=ws.10).aspx
Open IIS
Right click your site
Click "Edit Bindings"
Edit the entries (http/https) to include a "Host Name" (ex. "YourSite.com", "sub.YourSite.com", etc...)
An alternative would be to force a redirect to the FQDN in your code. You should be able to determine the url using a ServerVariable: https://msdn.microsoft.com/en-us/library/system.web.httprequest.servervariables(v=vs.110).aspx
You can add another Website in IIS, locate it to an empty directory to make it don't do anything useful, use 80 port but don't bind any hostnames. In this case, who access your server by IP directly would just hit this Website, they won't bother you anymore.
Or maybe you can put some helpful webpages in this website to help your client visit by domain name correctly.
we have fronted Liferay tomcat server with IIS , and we used ISAPI tomcat redirector for that ,everything works just fine.
the problem is that We need to map a specific Domain name to a specific URL on Liferay:
workers.properties :
worker.mydomain_com.port=8014
worker.mydomain_com.host=127.0.0.1
worker.mydomain_com=ajp13
uriworkermap.properties
/mydomain.com/=mydomain_com
/www.mydomain.com=mydomain_com
/www.mydomain.com/*=mydomain_com
This configuration will map www.mydomain.com to localhost:xxxx .
what i want is how to configure the worker mydomain_com so it can be mapped to localhost:xxxx/web/organiation. I searched for worker.mydomain.options but there is no configuration for the uri, is there any way to do ?
Thanks
As your configuration in IIS for mapping to www.mydomain.com is working fine. Its better to keep it like that and enable friendly URL for site in liferay so that you don't really need /web/organiation
Here are the steps to do in liferay 6.1
Login to Liferay as administration.
Go to Control Panel
Select your site and then click on "Site Settings".
Click on "Site URL" in right side.
Under "Virtual Hosts", you should see a text box named "Public Pages"
Enter www.mydomain.com and save.
Then liferay automatically redirect requests coming to it from www.mydomain.com to public pages of this site.
If you are using different liferay version, steps may be little different. But it still provides an option to set domain name for site.
I'm having quite a hard time figuring out this problem and I need your help. Here's the scenario:
I have a sharepoint 2010 web application on my port 80. This has 2 site collections, the root, and the /sites/official. My problem is: The root site is empty, but in the future it will be my something (I don't know what yet), but my other site collection is ready to go and I already have an Internet address for it.
What I want to do is configure everything in way that I can type http://contoso.com and get as response my sub-site (yes, its a kind of redirect)...
how can I do it? What and where should I configure it?
add content editor webpart on your root site collection and put this javascript in that webpart
<script type="text/javascript">
window.location = "http://contoso.com/sites/official"
</script>
Open IIS manager
Right click on your SharePoint website -> Properties
Go to tab Home Directory
Choose A redirection to a URL
fill the URL for redirection. for example: http://contoso.com/sites/official
Notes:
Make sure to check A Directory below URL entered to avoid redirect loop
Link to another thread might interest the reader - immediate redirect page in sharepoint
Screenshot:
Add alternate access mapping for the sub-site collection from the central administration.
Central Administration > Application Management > Web Applications > Configure alternate access mappings
I have an application that is currently deployed (ex. www.example.com ). However, now we have a "secure" subdomain, which will take all of the requests that need to be encrypted (ex. secure.example.com). The site that is at www.example.com is currently mapped to C:\inetpub\example.com\wwwroot\, and I've mapped secure.example.com to C:\inetpub\example.com\wwwroot\secure.
However, since secure.example.com was setup as a new website within the IIS Manager, when the secure site is visited, it displays an error since there is no web.config associated with this website; however, this is the way I want it since I want this to be a part of the application that is in the parent directory.
I think what you really meant to do was just right click on the web site for example.com and edit the bindings. In there you can add host names to that site.
Make sure you add them for port 443 which is SSL.
Map both the IIS virtual directories/web sites to the same directory, and check that are both using the same IIS application name.
(Not tried this, but can't recall seeing anything to say it would not work.)
We've got a webserver running IIS. We'd like to run maybe a shared blog or something to keep track of information. Because of security issues, we'd like for that part to be only viewable from localhost so people have to remote in to use it.
So, to repeat my question, can part of a website be made viewable from localhost only?
For some one doing it in IIS 8 / Windows 2012
1) In Server Manager, go to Manage, Add Roles and Features, Next, Next (get to Server Roles), scroll down to Web Server (IIS), expand that row, then expand Web Server, and finally expand Security. Make sure that IP and Domain Restrictions are installed.
2) In IIS Manager, drill down to the folder that you want to protect and left click select it. In the Features View of that folder select IP and Domain Restrictions In Actions choose Edit Feature Settings. Change 'Access for unspecified clients:' to 'Deny' then OK.
3) Finally go to 'Add Allow Entry' In the Actions menu. Type in the Specific IP address of your server.
Now only requests coming from your server will be allowed access. Or any server that shares that IP address. So in a small network, the office could share the IP address between all of the PCs in that offices, so all of those PCs could access that folder.
Last but not least is to remember that if your network has a dynamic IP address, then if that IP changes, you will expose your blog admin folder to whoever is using that IP now. Also, everyone on that new IP address will lose access to your that folder...
You can also use bindings instead of IP restrictions. If you edit the bindings for the web site you want to restrict access to, you can select which IP address the site is available at. If you set the IP address to 127.0.0.1, then the site is only responding on this IP address, and this IP address will of course only work locally on the machine.
I've tested this using IIS 8.5.
In IIS6 you can bring up the properties for the web and click on the directory security tab. Click the button in the middle of the tab for editing the IP and Domain restrictions. On this tab set all computers as denied, then add an exception for the IPs you want to allow access to this site.
I am not sure how to configure this on IIS7. I looked but couldn't find it, if I find it I will edit this answer.
Edit: Configuring IIS7
Josh
Should anyone wish to do this on the command line, this appears to work on IIS 7+
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/ipSecurity /+"[ipAddress='0',allowed='False']" /commit:apphost
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/ipSecurity /+"[ipAddress='127.0.0.1',allowed='True']" /commit:apphost
Reference
I initially wanted to do this in web.config to ease distribution, and it looked like the following might work:
<security>
<ipSecurity allowUnlisted="false"> <!-- this line blocks everybody, except those listed below -->
<clear/> <!-- removes all upstream restrictions -->
<add ipAddress="127.0.0.1" allowed="true"/> <!-- allow requests from the local machine -->
</ipSecurity>
</security>
but as you need to unlock the function in the central IIS config anyway there was no advantage over making the change directly using the first commands.
I agree with the recommendations to use IIS "Directory Security" to block all IP address except 127.0.0.1 (localhost).
That said, I'm wondering how this strategy of requiring users to remote in could possibly be more secure. Wouldn't it be more secure (as well as much simpler) to use standard IIS authentication mechanisms rather than have to manage Windows roles and permissions on the server machine?
As suggested in https://stackoverflow.com/a/39870955/2279059, it is possible to configure the site's bindings to listen only on the loopback interface. This makes the site inaccessible from the network without having to use IP address restrictions.
To support both IPv4 and IPv6, add two bindings, one for 127.0.0.1 and one for [::1], and set the hostname to *, so either IP address or localhost can be used to access it as shown in the screenshot:
To add a "local" site programmatically, you can use:
appcmd add site /name:MyLoalSite /bindings:http/127.0.0.1:7103:*,http/[::1]:7103:* /physicalPath:"C:\path\to\site\"
Depending on exactly what you want to happen if an unauthorized user tries to visit it.
You could try to setup the specific section as a virtual directory, then deny view to anonymous users. However, they will be prompted for login, and if they can login then they could see it.
Judging from the options present in the IIS MMC, you can also have a virtual directory only be accessible by certain IP-ranges. You could block everyone but 127.0.0.1. I have not tried this, however.
You can grant or deny access to a site or folder from certain IPs to a site or folder. In IIS, go into properties for the site or folder in question.
(1) Click to the "Diectory Security" Tab
(2) Click Edit Under the "IP Address and Domain Name Restriction" frame.
(3) Click "Denied Access" (This tells IIS to block every IP except those you list)
(4) Click "Add..."
(5) Click "Single Computer"
(6) Enter 127.0.0.1 (the IP of localhost)
Note that it is best to use an IP here (as I've described) rather than a domain name because domains can be easily forged using a hosts file.
You could simply add this .NET to the top of the page.
string MyWebServerName = currentContext.Request.ServerVariables["SERVER_NAME"];
if ( MyWebServerName == "127.0.0.1" || MyWebServerName == "localhost" )
{
// the user is local
}
else
{
// the user is NOT local
}