ASP.Net URL Redirector

Domain & subdomain url redirection with file/folder security.

By: Sergeroz

Language: Visual Basic Script

Code Snippet:

This code implements use of the Global.asa file and 1 #include file,
which should be included in all pages you wish to protect.

FILES USED: GLOBAL.ASA, DOMAINCHECK.INC, 403.ASP

Global.asa file detects which domain name your visitors typed in
(using SERVER_NAME ServerVariable), and sets the DomainNum Session variable
accordingly.

DomainCheck.Inc must be included in ALL webpages you wish to "protect" like this:
<!-- #include virtual="domaincheck.inc" -->
This file contains code that will check whether visitors are allowed to visit the current URL
and will deny access or redirect accordingly.

403.asp is used to report Access Denied for protected URLs. It may be formatted any way
you wish.

Sample Scenario 1:
A visitor navigates to www.domain1.com. IIS will first execute Global.asa and will then
execute index.asp (default page).
New Session is created: DomainNum = 1, NewSession = True.
Index.asp contains the #include to domaincheck.inc, so rules are applied before executing
the remainder of index.asp:
 DenyPath is matched with the '/' entry and ThisURL = HomeURL, thus DoRedirect is called.
 HomeRedirURL is not blank, NewSession = True and ThisURL = HomeURL,
 so the visitor is redirected to '/domain1only/' directory.
Now, index.asp containing the same #include is found in the /domain1only/ directory and
domaincheck.inc is executed again:
 DenyPath is not matched (because although '/' entry matches, ThisURL is not HomeURL,
thus DoRedirect not called.
 AllowOnlyPath is blank so this check is skipped.
 NewSession is set to False.
Thus, the visitor has now been transparently transferred to the directory containing the
domain1.com website.

Sample Scenario 2:
A visitor navigates to www.domain2.com/domain1only/. IIS will first execute Global.asa
and will then execute index.asp (default page).
New Session is created: DomainNum = 2, NewSession = True. Index.asp contains the
#include to domaincheck.inc, so rules are applied before executing the remainder of
index.asp:
 DenyPath is blank so this check is skipped.
 AllowOnlyPath is not matched so DoRedirect is called.
 HomeRedirURL is not blank, NewSession = True, so the visitor is redirected
 to '/domain2only/' directory.
Now, index.asp containing the same #include is found in the /domain2only/ directory and
domaincheck.inc is executed again:
 DenyPath is blank so this check is skipped.
 AllowOnlyPath is matched so DoRedirect is not called.
 NewSession is set to False.
Thus, the visitor has now been transparently transferred to the directory containing the
domain2.com website.

Sample Scenario 3:
Repeat Sample Scenario 1, then continue:
The visitor now navigates to www.domain1.com/domain2only/ (assuming the Session has not
yet timed out). Global.asa will not be executed because a current Session is alive
(DomainNum = 1, NewSession = False). Index.asp in the /domain2only/ directory contains
the #include to domaincheck.inc, so rules are applied before executing the remainder of
index.asp:
 DenyPath is matched with the '/domain2only/' entry, thus DoRedirect is called.
 AllowOnlyPath is not blank so this check is skipped.
 HomeRedirURL is not blank, but NewSession = False and ThisURL is not HomeURL, so the
 visitor is redirected to '/403.asp?/domain2only/index.asp'. This page informs the user that
 he is not allowed to access /domain2only/index.asp.

PASTE THE CODE BELOW INTO YOUR GLOBAL.ASA FILE (CREATE ONE, IF NEEDED)

 <script language="vbscript" runat="server"> Sub Session_OnStart Dim DomainList(3) 'Number of domain names Dim ServerName Dim DomainNum Dim FoundDomain, FoundDomainNum 'List of domains you wish to detect DomainList(0) = "YOURACCOUNT.BRINKSTER.NET" 'Default domain, just in case DomainList(1) = "DOMAIN1.COM" DomainList(2) = "DOMAIN2.COM" DomainList(3) = "SUBDOMAIN.DOMAIN1.COM" 'Default assumed domain, in case of no match 'Set to -1 do deny access altogether if no match FoundDomainNum = 0 FoundDomain = False ServerName = UCase(Request.ServerVariables("SERVER_NAME")) For DomainNum = LBound(DomainList) To UBound(DomainList) 'For each domain in the domain array (DomainList) If InStr(StrReverse(ServerName), StrReverse(DomainList(DomainNum))) = 1 Then 'If the ServerName ends with matching name from DomainList If FoundDomain Then 'If a matching domain was already found If ServerName = DomainList(DomainNum) Then 'If the ServerName is an EXACT match to the name in DomainList '(This is for subdomains) FoundDomain = True FoundDomainNum = DomainNum End If Else 'If this is the first match FoundDomain = True FoundDomainNum = DomainNum End If End If Next 'Set DomainNum to the correct domain name from DomainList '(0 by default, if no match found) Session("DomainNum") = FoundDomainNum 'This variable is used by DOMAINCHECK.INC '(Global.asa is ONLY executed when a new Session is created) Session("NewSession") = True End Sub </script>

PASTE THE CODE BELOW INTO YOUR DOMAINCHECK.INC FILE (CREATE ONE, IF NEEDED)

 <% Dim LoopCounter Dim ThisURL, HomeURL Dim DenyPath, AllowOnlyPath, PathArray Dim DoRedir, DenyRedirURL, HomeRedirURL DoRedir = False ThisURL = UCase(Request.ServerVariables("URL")) HomeURL = "/INDEX.ASP" DenyRedirURL = "/403.asp?" & Request.ServerVariables("URL") Select Case Session("DomainNum") Case 0 'youraccount.brinkster.net DenyPath = "" AllowOnlyPath = "" HomeRedirURL = "" Case 1 'domain1.com DenyPath = "/;/domain2only/" AllowOnlyPath = "" HomeRedirURL = "/domain1only/" Case 2 'domain2.com DenyPath = "" AllowOnlyPath = "/domain2only/" HomeRedirURL = "/domain2only/" Case 3 'subdomain.domain1.com DenyPath = "" AllowOnlyPath = "/domain1only/sub/;/domain2only/sub/" HomeRedirURL = "/domain1only/sub/" Case Else DenyPath = "/" AllowOnlyPath = "" HomeRedirURL = "" End Select If Not DenyPath = "" Then PathArray = Split(DenyPath, ";") For LoopCounter = LBound(PathArray) To UBound(PathArray) PathArray(i) = UCase(PathArray(i)) If InStr(ThisURL, PathArray(i)) = 1 Then If PathArray(i) <> "/" Or _ (PathArray(i) = "/" And ThisURL = HomeURL) Then DoRedir = True Exit For End If End If Next End If If DoRedir Then DoRedirect If Not AllowOnlyPath = "" Then DoRedir = True PathArray = Split(AllowOnlyPath, ";") For LoopCounter = LBound(PathArray) To UBound(PathArray) PathArray(i) = UCase(PathArray(i)) If InStr(ThisURL, PathArray(i)) = 1 Then If PathArray(i) <> "/" Or _ (PathArray(i) = "/" And ThisURL = HomeURL) Then DoRedir = False Exit For End If End If Next End If If DoRedir Then DoRedirect If Session("NewSession") Then Session("NewSession") = False Sub DoRedirect If HomeRedirURL = "" Then Response.Redirect(DenyRedirURL) Else If Session("NewSession") Or ThisURL = HomeURL Then Response.Redirect(HomeRedirURL) Else Response.Redirect(DenyRedirURL) End If End If End Sub %>

ASP.VB Code URL ReWrite without ISAPI, with Subdomain / Domain support

Replace (text) areas with proper values.

Private Sub Page_Load(sender As Object, e As System.EventArgs) If Not IsPostBack Then Dim url As String = Request.Url.ToString().ToLower() Dim domain As String If url.StartsWith( "http://" ) Then url = url.Substring( 7 ) End If Dim x As Integer = url.IndexOf("/") If x > 0 Then domain = url.Substring( 0, x ) Else domain = url End If Select Case domain Case " (subdomain/domain) ": Response.Redirect( " (http://url) ", true ) Exit Sub End Select Response.Write("(" + domain + ")" ) End If End Sub