阻止来自asp.net网站的域名

本文介绍了阻止来自asp网站的域名的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我想阻止像abc，xyz.co.uk这样的域名列表访问我的asp网站，同时浏览来自该域名的链接或通过该域名上的任何脚本。所需的结果，它将给出尝试从某个域远程访问我们网站的脚本的403响应 - 或者如果通过浏览器从该域的链接访问它。 我想阻止域而不是IP，因为IP可以动态更改。 我可以使用referer头，但不能总是依赖它发送（或正确） 注意：我的ASP.NET网站托管在IIS 7.5上。 问候， Habib

I want to block a list of domains like abc, xyz.co.uk to access my asp website while browsing from a link from that domain or via any script on that domain. The desired result, it will give the 403 response to scripts that try and remotely access our website from a certain domain - or if it is accessed via a browser from a link from that domain. I want to block domains not IPs because IPs may be dynamically changed. I can use the referer header, but can't depend on it always being sent (or being correct) Note: My ASP.NET website hosted on IIS 7.5. Regards, Habib

推荐答案

Quote：

我可以使用referer标题，但不能依赖它始终被发送（或正确）

I can use the referer header, but can't depend on it always being sent (or being correct)

这是真的。除了标题之外，您几乎没有机会知道用户之前访问过的页面。这是网站的基本概念，不容易改变。您可以预先假设大多数浏览器将发送正确的标头，并使用它来阻止访问。 如果这还不够，您可以检查网站在计算机上放置的cookie然后检查这些cookie是否存在。除了这些可能的解决方案，我没有看到任何其他方法。 出于好奇：你为什么需要这个功能？

This is true. Apart from the header, you got nearly no chance to know which page the user visited previously. This is a basic idea of websites, and is not easy to be changed. You can pre-assume that most of the browsers will send the correct header, and use it to block the access. If this isn't enough you can examine what cookies a web site places on the computer and then check whether these cookies do exist. I don't see any other approach apart from these possible solutions. Just out of curiosity: Why do you need this feature?