Limiting domains the site can be opened from

RedyAu · **on:** March 22, 2022, 08:36:41 PM

Hello!
I was wondering, if there is a way to limit, which domains you can access an HFS site from. I'd like to limit it so that it can't be accessed by entering the ip itself, and only allow one specific domain. Is this possible? I couldn't find any info on this.
Thanks for any help!

NaitLee · **Reply #1 on:** March 23, 2022, 06:16:24 AM

Hi,

In the HFS window, press Alt+F6 to open "event script", put the following inside:

Code: [Select]

[request]
{.if|{.!=|{.header|Host.}|mydomain.com:8080.}|{:{.disconnect.}:}.}

Replace the domain name with yours, and omit the port if it's 80
Save it with Ctrl+S. Now HFS will disconnect any browser request not coming from the domain.

In order to allow localhost/127.0.0.1, use this:

Code: [Select]

[request]
{.if|{.and|
{.!=|{.header|Host.}|localhost:8080.}|
{.!=|{.header|Host.}|127.0.0.1:8080.}|
{.!=|{.header|Host.}|mydomain.com:8080.}
.}|{:{.disconnect.}:}.}

This is a whitelist pattern. You can put even more.

These can't prevent request header forgery, though. But this is very rare for normal people with a normal browser...

RedyAu · **Reply #2 on:** March 23, 2022, 11:32:27 AM

Thank you so much!

Limiting domains the site can be opened from

RedyAu

Limiting domains the site can be opened from

NaitLee

Re: Limiting domains the site can be opened from

RedyAu

Re: Limiting domains the site can be opened from