I am running IIS 6 on Windows 2003 Enterprise Server. I am seeking to secure
a directory in a virtual directory website in much the same way as I would in
apache using a htaccess file.

My goal is to restrict access to the directory in the website to only those
that have come to any page in that directory via my index.html page on my
site. In apache I would do this in an .htaccess file using a rewrite rule to
direct them to my specific page url according to a Rewrite Condition such as:

RewriteCond %{HTTP_REFERER} !^http://www.domain.com [NC]
RewriteRule /* http://www.domain.com/index.html [R,L]

This should keep anyone from getting to any other page in my website unless
they follow a link from my main index page. If they attempted to get there
via a bookmark, they would be redirected to the index page.

I have multiple sites on this server, so do not want a global solution, nor
do I want to restrict the entire website, only specific folders in the
website. Basically, I want to allow anonymous users to access any page from
any outside IP/domain, but only gain access to certain directories after they
fill out a form on the index page.

Can this be done? Or do I need to go back to a Linux/Apache solution?

Kevin Hughes

Yes, this can be done on IIS.

What you are asking for really has nothing to do with Linux/Apache nor
htaccess. You are simply asking about a web server that supports
mod_rewrite - like functionality (which is basically allowing regexp
matching against the request and then execute some conditional), and that
functionality is supported by both Apache and IIS regardless of OS.

It just happens that mod_rewrite is released as Open Source and Apache
distros ship with it, while several commercial companies wrote similar ones
for IIS which need to be purchased. Strangely, no one has adapted
mod_rewrite for IIS even though the source code is already Open Source and
is very possible.

Otherwise, you'll need to concoct a simple, custom ISAPI Filter to do
this -- fetch the HTTP_REFERER server variable, check it against the rewrite
value, and redirect to the Rewrite target if it does not match. Probably
takes <10 minutes to whip up.

Or you can run Apache on Windows. Or Apache on Linux. But realize that you
are really reliant on mod_rewrite functionality and not Apache/IIS nor
Linux/Windows.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view]
I am running IIS 6 on Windows 2003 Enterprise Server. I am seeking to secure
a directory in a virtual directory website in much the same way as I would
in
apache using a htaccess file.

My goal is to restrict access to the directory in the website to only those
that have come to any page in that directory via my index.html page on my
site. In apache I would do this in an .htaccess file using a rewrite rule to
direct them to my specific page url according to a Rewrite Condition such
as:

RewriteCond %{HTTP_REFERER} !^http://www.domain.com [NC]
RewriteRule /* http://www.domain.com/index.html [R,L]

This should keep anyone from getting to any other page in my website unless
they follow a link from my main index page. If they attempted to get there
via a bookmark, they would be redirected to the index page.

I have multiple sites on this server, so do not want a global solution, nor
do I want to restrict the entire website, only specific folders in the
website. Basically, I want to allow anonymous users to access any page from
any outside IP/domain, but only gain access to certain directories after
they
fill out a form on the index page.

Can this be done? Or do I need to go back to a Linux/Apache solution?

Kevin Hughes
Avalon Technologies