Anti-leech the server

Dev Shed Forums Sponsor:

February 14th, 2004, 07:43 PM

CHIngs

Contributing User

Join Date: Jul 2003

Location: Edison

Posts: 143

Time spent in forums: 45 m 54 sec
Reputation Power: 10

Anti-leech the server

how can i anti-leech the whole server, meaning only the sites i assign can access the server and if soeone try to access it directly or thru another site they will be redirected to another page, i searched for the solution everywhere but didnt find anything even close to it, atleast does anyone know how can i do it to a folder instead of the whole server, kinda like .htacess in linux.

by the way i have coldfusion on WIN XP server,

thanx guys

February 15th, 2004, 12:06 PM

kiteless

Moderator

Join Date: Jun 2002

Location: Raleigh, NC

Posts: 5,091

Time spent in forums: 2 Weeks 5 Days 2 h 53 m 27 sec
Reputation Power: 966

As I see it you have two options: application security or web server security.

Using IIS, you can right click on a web site and choose Directory Security. You can grant or deny access based on IP address or domain name of the requesting client.

Using CFMX, you could add code to the Application.cfm file that looks at the user's IP address (in the CGI scope) and if it is not one that you want to allow, you do a redirect or display an error message.

February 15th, 2004, 02:17 PM

CHIngs

Contributing User

Join Date: Jul 2003

Location: Edison

Posts: 143

Time spent in forums: 45 m 54 sec
Reputation Power: 10

what do u mean add a code to application cfm, because application.cfm is all

PHP Code:


		
			
 Allaire Cold Fusion Template

Header Size: New Version.»2+¾“«¥¥y,û¸

&ãhqØ¤ä8X°É¿Ìò©‰P^qvßNÊÒ‡ùFÍû'ÉÊËåwI©Mé›1<D]6=ÌÊ•

#¢û=ÒÂ“šüù>eÐ×åRŽ™‚«:û·é¼–ÄÏ/\w–øŽ

|ºƒúëÞ>÷›¤êÑÃ7_ôjæXëÂØO€ÑßQõÜèÐ‹

that, i am new to cfml, so i am not sure what code exactly you are talking about.

does the code might be something like this

PHP Code:


		
			
<cfset directory = "path to directory">

<cfif CGI.HTTP_REFERER DOES NOT CONTAIN "http://www.domain.com/">

<cfparam name="url.file" default="">

<cflocation url="http://redirect url/">

<cfelse>

<cfheader name="Content-Disposition" value="inline; filename=#URLDecode(URL.file)#">

<cfcontent file="#Directory##URLDecode(URL.file)#" type="application/x-zip-compressed">

</cfif>

and i dont have IIS, my CFMX runs on the server that came with CFMX, can can you help me man

February 15th, 2004, 05:32 PM

kiteless

Moderator

Join Date: Jun 2002

Location: Raleigh, NC

Posts: 5,091

Time spent in forums: 2 Weeks 5 Days 2 h 53 m 27 sec
Reputation Power: 966

The code you showed is an encrypted CFML file. Are you saying you don't have access to the original code?

Yes, the CFML code you showed is similar to what I would envision to catch unauthorized IP addresses. Something like:

<cfset authorizedIPList = "173.387.905.21,958.585.484.949" />

<cfif not listFindNoCase( authorizedIPList, cgi.remote_addr )>
error message or cflocation
</cfif>

This assumes that you know the IP addresses that should be allowed in.

Finally, there is no Windows XP server. If you mean Windows XP Pro, it is really not meant to be a web server. If you mean Windows .NET Server then you are in better shape. Both of these have IIS available.

The internal web server that runs the standalone CFMX installation is meant for development only, and is not robust enough to use in a production environment. You should install it to run with IIS or Apache.