0

I need to do a whitelist using a specific header value every request that have not that value should'nt have access, right now I'm using "Url rewrite" function but is kinda confusing for me.

I tried to use a "Request filter" to do this but I have no choise to allow the entrance by header only deny it.

In request filter I have something like this :

| Name | Examine | Apply to | Deny String |

| Example | Headers | .html | "NotAllowed" |

Cypher
  • 5
  • 3
  • That wizard is meant to lead you to create your first URL rewrite rule. To really tailor it to the shape you need, spend time learning further, as Microsoft has a bunch of articles/tutorials like https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module – Lex Li Dec 24 '20 at 17:10

1 Answers1

0

You can first customize HTTP header in a UrlRewrite condition, then use a rule to match all URLs and use a condition to check for the http header, check for the header value and reject all requests not from the UExamine. here is a case for your reference:

<rules>
    <rule name="test" stopProcessing="true">
        <match url=".*" />
        <conditions>
            <add input="{HTTP_x_header}" pattern="^Headers$" negate="true" />
        </conditions>
        <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="Using this site is not supported." />
    </rule>
</rules>

About how to customize HTTP header you can refer to this link: customize HTTP header.

samwu
  • 3,857
  • 3
  • 11
  • 25