The title says it all, is it possible to do? Lets say I need to block access via MSXML2.ServerXMLHTTP or any other object, also via ajax IF the request was not local and allow asp execution only on local machine. Is it need to be done in ASP or IIS 7 ?
Lets say we have this code:
url = "http://www.website.com"
set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.open "GET", url, false
xmlhttp.send ""
Response.write xmlhttp.responseText
set xmlhttp = nothing
Currently, my website is allowing this request from my local address at home, how to block such access?
thanks
You can also block in code - in global.asa - Edit your Session_OnStart event handler:
If request.ServerVariables("REMOTE_ADDR") = "insert your IP address here" Then
Session.Abandon
Response.End()
End If
Note: If someone connects via a proxy server you may see an IP address of the proxy instead. In some cases you may also want to interrogate the X-Forwarded-For header to see if a bad IP address is found there.
Related
I am new to asp but need to fix a software for a friend. The problem is the routine that uses MSXML2.ServerXMLHTTP to read an .asp page to produce a voucher. I have got it to work and display pages from any server, but when I try to open a page from my own Windows server the routine just returns blank, or hangs the server. Have tried everything. Wonder if it may be related to permissions?
It seems to get stuck in readyState=1.
<%
Response.Buffer = True
Dim objXMLHTTP, xml
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
' Opens the connection to the remote server.
xml.Open "GET", "http://someurl/Testpage.asp", False
' Actually Sends the request and returns the data:
xml.Send
'Display the HTML both as HTML and as text
Response.Write "<h1>The HTML text</h1><xmp>"
Response.Write xml.responseText
Response.Write "</xmp><p><hr><p><h1>The HTML Output</h1>"
Response.Write xml.responseText
Set xml = Nothing
%>
A development server has some restrictions on the amount of requests it can handle simultaneously.
Because you are in the process of executing one server-side script already, the server won't respond to the request you are sending via ServerXMLHTTP.
You can work around this by looking up the worker process for your development website in IIS Manager, and under advanced settings increase the maximum number of worker processes, which is propably set to 1.
How do I check if a request is from the local host with Classic ASP, like the bool property HttpRequest.IsLocal in ASP.NET?
How about using request.servervariables("remote_addr") and request.servervariables("local_addr") ?
I have an ASP.NET WebForms app (sender) which sends a WebClient post request to another ASP.NET app (receiver) on the same dev machine. The WebClient post is initiated by clicking a button in the sender app. It's a test app and the form has only the button. I can see the post from the button in Fiddler but I don't see the post request from the WebClient method. Why?
I know the WebClient post runs successfully because the breakpoint is hit in the receiver app and the Forms collection has the value of the input field from the WebClient request from the sender app. (Using Windows 8.1)
Update This is the call:
using (var client = new WebClient())
{
client.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
var data = "FirstName=John";
var result = client.UploadString("http://localhost/testform/default.aspx", "POST", data);
Console.WriteLine(result);
}
.NET and IE(before version 9) are not sending requests to localhost through any proxies. There are 3 possible solutions:
Use machine name or hostname: http://<machine name>/testform/default.aspx
Add ipv4.fiddler to the URL: http://localhost.fiddler/testform/default.aspx
Add custom rule to the fiddler:
static function OnBeforeRequest(oSession:Fiddler.Session){
if (oSession.HostnameIs("MYAPP")) {
oSession.host = "<put your ip address and port here>";
}
}
Then you should be able to capture traffic through http://myapp/testform/default.aspx
Reference Problem: Traffic sent to http://localhost or http://127.0.0.1 is not captured.
Could be multiple things. Here are some possibilities
You have Fiddler set to filter to only show things from a particular process (or some other type of filter but process is the easiest one to accidentally turn on)
You have not turned on HTTPS capture in Fiddler but this missing request is HTTPS (it's off by default)
Your WebClient has a custom proxy configured and isn't pulling the default settings from IE
I have a group of IP addresses.
After deploying my application, I want to only be able to access my application from a particular IP address.
How can I achieve this using the Global.asax (not through IIS)?
This is a good starting point for you
(especially as it's separated nicely into a HttpModule for subsequent re-use)
In the Session start - event handler:
say you have an array of blocked IP's i.e.
Code (text):
Dim bArr() As String = {"198.122.xxx.xx", "xxx.xxx.xx.xxx" etc.}
Code (text):
Dim strIP = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If strIP="" Then strIP = Request.ServerVariables("REMOTE_ADDR")
For i As integer = 0 To bArr.UperBound
If strIP = bArr(i) Then
Response.Redirect("Permissionsdenied.html")
End If
Next
I would start in this way, in the begin request event handler in your Global class, I would determine the client IP address following this answer: https://stackoverflow.com/a/9567439/559144
then if the connecting ip is not in the allowed list, I would redirect to another page like an access denied page, a login page or the company / google home page.
I have username and password to login a web site but i need login with proxy
how can change username and pass to proxy
i can login to web site with this url www.mydomain.com?user=1&pass=2 or insert user and pass to login page
how i can login web site with HttpWebRequest in asp.net C#?
<code>
Encoding encode = System.Text.Encoding.GetEncoding("utf-8");
HttpWebRequest Request = (HttpWebRequest)HttpWebRequest.Create(Url);
HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();
</code>
It is well documented on MSDN, see HttpWebRequest.Proxy Property.
The local computer or application config file may specify that a
default proxy be used. If the Proxy property is specified, then the
proxy settings from the Proxy property override the local computer or
application config file and the HttpWebRequest instance will use the
proxy settings specified. If no proxy is specified in a config
file and the Proxy property is unspecified, the HttpWebRequest
class uses the proxy settings inherited from Internet Explorer on the
local computer. If there are no proxy settings in Internet Explorer,
the request is sent directly to the server.
There is also longer sample code, the most important part is:
WebProxy myProxy = new WebProxy();
myProxy.Address = "your proxy url";
myProxy.Credentials = new NetworkCredential("login", "password");
Request.Proxy = myProxy;