rejetto forum

Limiting domains the site can be opened from

0 Members and 1 Guest are viewing this topic.

Offline RedyAu

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
Hello!
I was wondering, if there is a way to limit, which domains you can access an HFS site from. I'd like to limit it so that it can't be accessed by entering the ip itself, and only allow one specific domain. Is this possible? I couldn't find any info on this.
Thanks for any help!
Well, well...


Offline NaitLee

  • Tireless poster
  • ****
    • Posts: 204
  • Computer-brain boy
    • View Profile
Hi,

In the HFS window, press Alt+F6 to open "event script", put the following inside:
Code: [Select]
[request]
{.if|{.!=|{.header|Host.}|mydomain.com:8080.}|{:{.disconnect.}:}.}
Replace the domain name with yours, and omit the port if it's 80
Save it with Ctrl+S. Now HFS will disconnect any browser request not coming from the domain.

In order to allow localhost/127.0.0.1, use this:
Code: [Select]
[request]
{.if|{.and|
{.!=|{.header|Host.}|localhost:8080.}|
{.!=|{.header|Host.}|127.0.0.1:8080.}|
{.!=|{.header|Host.}|mydomain.com:8080.}
.}|{:{.disconnect.}:}.}
This is a whitelist pattern. You can put even more.

These can't prevent request header forgery, though. But this is very rare for normal people with a normal browser...
"Computation is not forbidden magic."
Takeback Template | PHFS