IIS如何阻止来自浏览器的HTTP请求
[英]IIS How to block http request from browser
问题描述
In Windows domain, Sliver-light out-of-browser app(used by many user) consuming a couple of WCF services hosted on IIS. 
在Windows域中,Sliver-light浏览器外应用程序(由许多用户使用)消耗了IIS上托管的几个WCF服务。 Now users know WCF service endpoints, they might able to execute methods without Sliver-light App. 现在,用户知道WCF服务端点,他们可能可以在没有Sliver-light App的情况下执行方法。 So is that possible IIS can identify http request from browser or Sliver-light out-of-browser App then block all requests from browser but only allow http request from Sliver-light app?add IP Security on IIS not an option as that will block user use Sliver-light app, and add PrincipalPermission attribute on WCF not an option as well because need too many domain user group and WCF methos need to handle. IIS是否可以识别来自浏览器或Sliver-light浏览器外应用程序的http请求,然后阻止来自浏览器的所有请求,但仅允许来自Sliver-light应用程序的http请求?在IIS上添加IP安全性不是一种选择,因为它将阻止用户使用Sliver-light应用程序,并且也不希望在WCF上添加PrincipalPermission属性,因为需要太多的域用户组和WCF方法来处理。
1 个解决方案
解决方案1
0 已采纳 2016-11-10 00:10:15
The problem resolved by implement Url re-write module in IIS. 通过在IIS中实现Url重写模块解决了该问题。 just use this module add a rule which only allow http request header HTTP-REFERER field include sliver-light .xap file. 只需使用此模块添加一条规则,该规则仅允许http请求标头的HTTP-REFERER字段包含sliver-light .xap文件。 REFERER in header always has same value which is .xap file. 标头中的REFERER始终具有与.xap文件相同的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.