Is it possible to do a URL Rewrite Redirect from the site URL to the site domain name?

Discussion in 'Site Programming, Development and Design' started by Jabberwock, Aug 12, 2014.

  1. I've got a detailed question for you all, as Winhost Support sent me here and despite my online searching, I haven't found a solid answer -- at least that I as a non-sys admin can discern.

    I'm trying to secure my site a bit more due to visits from some less-than-friendly bots and/or humans. To that end, I've signed up for SiteLock's "web application firewall" and have been reviewing our sites potential vulnerabilities.

    I've been able to use the "Add Allow Entry" in IIS to add the SiteLock IP ranges. My understanding is that plus the DNS configurations mean that anyone going to mydomain.com will be routed through SiteLock's content network and therefore their firewall.

    (Incidentally, a security colleague kindly tested the firewall and his probing was documented and, in once case when he was trying to be extra naughty, stopped).

    However, there appears to be a weakness in that, if a less-than-friendly person has the site's IP address, they could do to the site by typing that in, avoiding the firewall altogether.

    (I have also tested this with all the "Add Allow Entries" in place and have been able to get to the site -- as near as I can figure -- without going through the firewall).

    So I wanted to figure out some way that I could do a redirect where anyone trying to go directly to the site IP got re-directed to the site name, thereby forcing them to go through the firewall.

    The answer seems like it might be the URL Rewrite to redirect the thread, but all the examples I've seen involve redirecting from subdomains (e.g. if "domain.com/place" then redirect to "domain.com")

    Would anyone be able to tell me
    a) If this is possible?
    b) If there is a sample script I can follow?
     
    Last edited by a moderator: Oct 14, 2015
  2. ComputerMan

    ComputerMan Winhost Staff

    Did you also add the "Deny" rule through IIS Manager? Even if you add the "Add Allow Entry..." rule with the IP address ranges. You also need to add the Deny All others.

    Go back into IIS Manager. Click on IP address and Domain Restrictions module and click on "Edit Feature Settings..." under the actions section. In the "Access for unspecified clients" click on the drop down menu and select "Deny". Now everyone will be denied if they don't come from the IP ranges you have allowed. Click ok.

    In regards to the IP address URL Rewrite rule I was able to find this web page article here: http://serverfault.com/questions/286295/iis7-5-redirect-ip-to-domain
     
    Michael likes this.
  3. Thank you. I felt there might be a simpler way than the URL rewrite. I've added the Deny rule as described via the "Edit Feature Settings..." and tested it from a couple different devices/IPs. When I put in the domain name, it comes through to the site okay. When I enter the site's IP, it prompts me to login, and when I cancel, it gives me the unauthorized message.

    So, in other words, it's locked down pretty much like I hoped.
     
    ComputerMan likes this.
  4. ComputerMan

    ComputerMan Winhost Staff

    Sweet! Thanks for the update. Glad it help you out :)
     

Share This Page