Block direct access to a URL via webconfig

Navigation
3

I have an old system in classic ASP and need to do some implementations. I have a web.config file for this application and would like to know if it is possible to block direct access to a video URL.

For example: If the user has access to the url of the video and paste in the address bar would like to block or redirect. But if a specific page of the system is using this URL it should be able to access without restrictions.

I've tried something like: 

<rule name="assets">
   <match url="^assets/videos/([a-z0-9-]*)" />
   <action type="Rewrite" url="erro.asp" />
</rule>

So it is possible to block direct access via url. But it also blocks loading of the video on the other pages of the application.

    
asked by anonymous 29.03.2017 / 19:20

2 answers

2

You can check the URL for Rerefer, like this: 

<rule name="assets">
    <match url="^assets/videos/([a-z0-9-]*)" />
    <conditions>
        <add input="{HTTP_REFERER}" pattern="^https?://www\.seusite\.com/pagina-especifica/.*$" negate="true" />
    </conditions>
    <action type="Rewrite" url="erro.asp" />
</rule>

In case you change ^http://www\.seusite\.com/pagina-especifica/ to your page that will be the only one that can access the videos

  

Note:

It is still possible to "trick" the browser using headers "modifiers", but it is somewhat more difficult to do.

    
29.03.2017 / 19:32
1

There is no way to do what you want with just web.config.

What you can do is a handler that the user accesses to view the video, and condition access to a session variable.

On the page that the user must access to be able to view the video, you give some arbitrary value to that session variable. In the handler you check whether the variable has the required value.

Maybe you want to give this variable a life time too, so the user will need to navigate to the page again after that time if you want to review the video.

    
29.03.2017 / 19:27
Hibernate vs EclipseLink incremental vs differential backup in SQL Server