iis security: Hello:

I have a ISAPI DLL in my server and I want to prevent people to access
it externally, only from the server itself.

Ex: someone has a website on server X and their HTMLs are accessing a
DLL hosted on my server.

Can I prevent it?

Thanks in advance...

Jackson Gomes

Sure, you can do what you want.

However, I'm confused. If you only want the ISAPI DLL to be accessed
from the server itself, then why did you make it an ISAPI?

This restriction appears to only allow other server-side applications
to invoke the ISAPI, at which point why don't you just make it a plain
Win32 DLL which the applications load.

Or do you actually want to have a web application, just restricted in
this instance.

You can configure IIS to restrict requests by IP with an allow or deny
mask.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//





[quoted text, click to view]

[quoted text, click to view]

In fact, I'm running a webhosting company and some of the availalble
plans allows the customer to install SOAP ISAPI servers, which I allow
externat access. The other normal ISAPI DLLs I dont want they to be
accessed externally

[quoted text, click to view]

Do you mean to limit the access to 127.0.0.1 ?

Thanks for your help...

Jackson Gomes

I'd also would like to prevent different websites to access a DLL not
hosted for that website, even if the websites are in the same
server... As the customers pays for each DLL, we can have some smart
ones which uses just 01 DLL for several websites...

Any way of doing this?

Jackson Gomes

[quoted text, click to view]


All this is doable on IIS, but you're going to have to either write
the software, find free software, or pay for existing software. It is
basically custom provisioning and authorization system, which can be
written and run on top of IIS.

For example, you can create a Windows user for every customer, and all
their websites are provisioned to use the same (or different)
Application Pools using that Windows user. Then, you can ACL your
ISAPI DLL by Windows user if they pay for access to it. And you can
write an ISAPI Filter which looks at REMOTE_ADDR and URL to decide
which local/remote IPs have access to which URL.

I have sample code on my blog which illustrates most of what is needed
and a sharp developer can easily develop the filter.

I'm not certain you're going to find the system for free since as you
say, one can make a good living off the system and where's the
competitive advantage by giving it away for free?


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//