0 Comments

I was ones faced with the issue of enforcing copyright on different files on a website. That meant that images and dynamically created XML files had to be blocked if accessed from outside the website. So, I had to find a way to prevent other websites from linking to or referencing these files. Copyright or not, it is a good idea to do it on dynamically created files such as charts, because they take a lot of computer power to generate.

That resulted in an HttpModule that stops all requests coming from outside the website to a custom list of files. If your images are inserted into a <img> tag on another domain, they will be blocked. The list can use wildcards so you can stop all files of a certain type as well. It could look like this *.gif|*.jpg|image.ashx.

Below are the two methods of the module that stops the illegal requests.

private void context_BeginRequest(object sender, EventArgs e)
{
HttpContext context = ((HttpApplication)sender).Context;
// Do nothing if the request is legal
if (ReguestIsLegal(context))
return;

// Accessed directly
if (context.Request.UrlReferrer == null)
{
context.Response.Write("Access denied");
context.Response.End();
}

// Linked to or embedded into another domain
if (context.Request.UrlReferrer.Host != context.Request.Url.Host)
{
context.Response.Write("Access denied");
context.Response.End();
}
}

privatebool ReguestIsLegal(HttpContext context)
{
string mappings = ConfigurationManager.AppSettings["BlockMapping"];
string fileName = context.Request.PhysicalPath;

foreach (string map in mappings.Split('|'))
{
string cleaned = map.Replace("*", ".*").Replace(".", "\\.");
if (Regex.IsMatch(fileName, cleaned, RegexOptions.IgnoreCase))
returnfalse;
}

returntrue;
}

The method RequestIsLegal uses regular expressions to determine if the requested file matches the mappings in the web.config.

Implementation

Download the ExternalAccessModule.cs below and add put it in the App_Code folder. Then add the following lines to the web.config’s <system.web> section.

<httpModules>
<add type="ExternalAccessModule" name="ExternalAccessModule"/>
</httpModules>

And last, add the mappings to the AppSettings of the web.config. Modify it to match your own files.

<add key="BlockMapping" value="*.gif|*.jpg|image.ashx"/>

Download

ExternalAccessModule.zip (,85 KB)