Mads Kristensen

My personal blog about everything tech

I was ones faced with the issue of enforcing copyright on different files on a website. That meant that images and dynamically created XML files had to be blocked if accessed from outside the website. So, I had to find a way to prevent other websites from linking to or referencing these files. Copyright or not, it is a good idea to do it on dynamically created files such as charts, because they take a lot of computer power to generate.

That resulted in an HttpModule that stops all requests coming from outside the website to a custom list of files. If your images are inserted into a <img> tag on another domain, they will be blocked. The list can use wildcards so you can stop all files of a certain type as well. It could look like this *.gif|*.jpg|image.ashx.

Below are the two methods of the module that stops the illegal requests.

private void context_BeginRequest(object sender, EventArgs e)
{
 HttpContext context = ((HttpApplication)sender).Context;
 // Do nothing if the request is legal
 if (ReguestIsLegal(context))
  return;

 // Accessed directly
 if (context.Request.UrlReferrer == null)
 {
  context.Response.Write("Access denied");
  context.Response.End();
 }

 // Linked to or embedded into another domain
 if (context.Request.UrlReferrer.Host != context.Request.Url.Host)
 {
  context.Response.Write("Access denied");
  context.Response.End();
 }
}

privatebool ReguestIsLegal(HttpContext context)
{
 string mappings = ConfigurationManager.AppSettings["BlockMapping"];
 string fileName = context.Request.PhysicalPath;

 foreach (string map in mappings.Split('|'))
 {
  string cleaned = map.Replace("*", ".*").Replace(".", "\\.");
  if (Regex.IsMatch(fileName, cleaned, RegexOptions.IgnoreCase))
   returnfalse;
 }

returntrue;
}

The method RequestIsLegal uses regular expressions to determine if the requested file matches the mappings in the web.config.

Implementation

Download the ExternalAccessModule.cs below and add put it in the App_Code folder. Then add the following lines to the web.config’s <system.web> section.

<httpModules>
 <add type="ExternalAccessModule" name="ExternalAccessModule"/>
</httpModules>

And last, add the mappings to the AppSettings of the web.config. Modify it to match your own files.

<add key="BlockMapping" value="*.gif|*.jpg|image.ashx"/>

Download

ExternalAccessModule.zip (,85 KB)

Comments


Comments are closed