I recently found out that there are other domain names pointing to my website (that don't belong to me) and I was wondering how people can stop/prevent this from happening. I'm hosting this on peer1 using IIS and I'm using ASP.NET C#.
我最近发现有其他域名指向我的网站(不属于我),我想知道人们如何阻止/阻止这种情况发生。我使用IIS在peer1上托管这个,我正在使用ASP.NET C#。
Can I use an HttpModule or some other code to reject domain names that aren't mine?
我可以使用HttpModule或其他代码来拒绝不属于我的域名吗?
Is there a better way?
有没有更好的办法?
7 个解决方案
#1
5
You should activate name-based virtual hosting and only show your real website for the desired domain names. For all other names, you can display a suitable error message.
您应激活基于名称的虚拟主机,并仅显示您所需域名的真实网站。对于所有其他名称,您可以显示适当的错误消息。
Details: Your webserver is contacted by its IP address. There is nothing you can do to stop that. Anyone can say, "connect to that IP address". For instance, anyone can register new domain names to point to your server's IP address. However, inside the request, there is a field Host
with a name like www.example.com
.
详细信息:您的网络服务器通过其IP地址联系。你无能为力阻止这一切。任何人都可以说,“连接到该IP地址”。例如,任何人都可以注册新域名以指向服务器的IP地址。但是,在请求中,有一个名为www.example.com的字段主机。
Upon receiving the request, your server may choose to inspect the Host
field and deliver different content depending on that value. In the simplest case, the server ignores the field entirely and always prints out the same content. But in a more sophisticated set-up, so called "name-based (virtual) hosting", the server chooses the content depending on the hostname.
收到请求后,您的服务器可能会选择检查“主机”字段,并根据该值提供不同的内容。在最简单的情况下,服务器完全忽略该字段并始终打印出相同的内容。但是在更复杂的设置中,所谓的“基于名称(虚拟)托管”,服务器根据主机名选择内容。
This is how shared webhosts work: There's a single server, but depending on the requested hostname it spits out a different website for each name.
这就是共享webhosts的工作方式:有一个服务器,但根据请求的主机名,它会为每个名称分配一个不同的网站。
Therefore, if you want to tie your server content to your hostname, you have to tell your server to produce your website only for your desired name, and to produce a different (error) website for all other cases.
因此,如果要将服务器内容与主机名绑定,则必须告知服务器仅为您所需的名称生成您的网站,并为所有其他情况生成不同的(错误)网站。
In Apache this is trivial to configure, just check their documentation; for IIS I wouldn't know but I imagine it's equally simple.
在Apache中,这很简单,只需检查他们的文档;对于IIS,我不知道,但我想它也同样简单。
#2
3
If your hosting environment is IIS and you have admin access to it. Set your default website to show an error page and then create a new site with the host header matching your domain to point to your website.
如果您的托管环境是IIS并且您具有管理员访问权限。将您的默认网站设置为显示错误页面,然后使用与您的域匹配的主机标题创建一个新站点以指向您的网站。
#3
2
This is my solution. It really works fast and solved my problem.
这是我的解决方案。它真的很快,解决了我的问题。
Insert this code in your .htacces
在.htacces中插入此代码
RewriteCond %{HTTP_HOST} !^www.higueyrd.com$
RewriteRule ^/?(.*) http://www.higueyrd.com/$1 [QSA,R=301,L]
Just put your domain.
只需把你的域名。
#4
1
In IIS there is a setting called bindings that allows you to select which hostnames your website will respond to. This feature allows an instance of IIS to host mulitple websites on a single IP address.
在IIS中有一个称为绑定的设置,允许您选择您的网站将响应的主机名。此功能允许IIS实例在单个IP地址上托管多个网站。
If you want your site to only work for http://example.com/ and http://www.example.com/, you should set the bindings to only work for "example.com" and "www.example.com".
如果您希望自己的网站仅适用于http://example.com/和http://www.example.com/,则应将绑定设置为仅适用于“example.com”和“www.example.com” ”。
The exception here is if you are using SSL. If you are, IIS cannot determine the hostname and you will most likely have to use a dedicated IP address for your site. In that scenario, user608576's solution will work. Although, I would put that code in your Global.asax
file:
这里的例外情况是您使用SSL。如果是,IIS无法确定主机名,您很可能必须为您的站点使用专用IP地址。在那种情况下,user608576的解决方案将起作用。虽然,我会将该代码放在您的Global.asax文件中:
<%@ Application Language="C#" %>
<script runat="server">
void Application_BeginRequest(Object sender, EventArgs args)
{
HttpRequest request = HttpContext.Current.Request;
HttpResponse response = HttpContext.Current.Response;
if( (request.Url.Host != "example.com") && (request.Url.Host != "www.example.com") )
{
response.Clear();
response.Write("Unauthorized domain name: " + request.Url.Host);
response.End();
}
}
</script>
#5
1
As a temporary fix you can do this . May be on home page load or BeginRequest .
作为临时修复,您可以执行此操作。可能在主页加载或BeginRequest上。
if(!Request.Url.Host.ToLower().contains("mysite.com")){
Response.Redirect("error.html");
}
#6
0
If i remember right when i last check my sites cpanel i saw a feature that stopped redirections to my domain if checked. I´m using Hostso as my host so check their test cpanel for it.
如果我记得我上次检查我的网站cpanel时,我看到一个功能,如果选中,则停止重定向到我的域。我使用Hostso作为我的主机,所以检查他们的测试cpanel。
Hope it helps alittle atleast :)
希望它至少可以帮助:)
Fredrik wirth
弗雷德里克
#7
0
if you want to handle in code then do it in Global.asax in BeginRequest as below
如果你想在代码中处理,那么在BeginRequest中的Global.asax中执行它,如下所示
void Application_BeginRequest(object sender, EventArgs e)
{
if (!context.Request.Url.Host.ToLower().Equals("www.mydomain.com"))
{
context.Rewritepath("/invalidpage.aspx");
}
}
The other simple way is to specify a host headers in IIS for your website.
另一种简单的方法是在IIS中为您的网站指定主机头。
http://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx Note: I am writing through my mobile so consider spelling mistakes
http://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx注意:我正在通过手机写作,所以考虑拼写错误
#1
5
You should activate name-based virtual hosting and only show your real website for the desired domain names. For all other names, you can display a suitable error message.
您应激活基于名称的虚拟主机,并仅显示您所需域名的真实网站。对于所有其他名称,您可以显示适当的错误消息。
Details: Your webserver is contacted by its IP address. There is nothing you can do to stop that. Anyone can say, "connect to that IP address". For instance, anyone can register new domain names to point to your server's IP address. However, inside the request, there is a field Host
with a name like www.example.com
.
详细信息:您的网络服务器通过其IP地址联系。你无能为力阻止这一切。任何人都可以说,“连接到该IP地址”。例如,任何人都可以注册新域名以指向服务器的IP地址。但是,在请求中,有一个名为www.example.com的字段主机。
Upon receiving the request, your server may choose to inspect the Host
field and deliver different content depending on that value. In the simplest case, the server ignores the field entirely and always prints out the same content. But in a more sophisticated set-up, so called "name-based (virtual) hosting", the server chooses the content depending on the hostname.
收到请求后,您的服务器可能会选择检查“主机”字段,并根据该值提供不同的内容。在最简单的情况下,服务器完全忽略该字段并始终打印出相同的内容。但是在更复杂的设置中,所谓的“基于名称(虚拟)托管”,服务器根据主机名选择内容。
This is how shared webhosts work: There's a single server, but depending on the requested hostname it spits out a different website for each name.
这就是共享webhosts的工作方式:有一个服务器,但根据请求的主机名,它会为每个名称分配一个不同的网站。
Therefore, if you want to tie your server content to your hostname, you have to tell your server to produce your website only for your desired name, and to produce a different (error) website for all other cases.
因此,如果要将服务器内容与主机名绑定,则必须告知服务器仅为您所需的名称生成您的网站,并为所有其他情况生成不同的(错误)网站。
In Apache this is trivial to configure, just check their documentation; for IIS I wouldn't know but I imagine it's equally simple.
在Apache中,这很简单,只需检查他们的文档;对于IIS,我不知道,但我想它也同样简单。
#2
3
If your hosting environment is IIS and you have admin access to it. Set your default website to show an error page and then create a new site with the host header matching your domain to point to your website.
如果您的托管环境是IIS并且您具有管理员访问权限。将您的默认网站设置为显示错误页面,然后使用与您的域匹配的主机标题创建一个新站点以指向您的网站。
#3
2
This is my solution. It really works fast and solved my problem.
这是我的解决方案。它真的很快,解决了我的问题。
Insert this code in your .htacces
在.htacces中插入此代码
RewriteCond %{HTTP_HOST} !^www.higueyrd.com$
RewriteRule ^/?(.*) http://www.higueyrd.com/$1 [QSA,R=301,L]
Just put your domain.
只需把你的域名。
#4
1
In IIS there is a setting called bindings that allows you to select which hostnames your website will respond to. This feature allows an instance of IIS to host mulitple websites on a single IP address.
在IIS中有一个称为绑定的设置,允许您选择您的网站将响应的主机名。此功能允许IIS实例在单个IP地址上托管多个网站。
If you want your site to only work for http://example.com/ and http://www.example.com/, you should set the bindings to only work for "example.com" and "www.example.com".
如果您希望自己的网站仅适用于http://example.com/和http://www.example.com/,则应将绑定设置为仅适用于“example.com”和“www.example.com” ”。
The exception here is if you are using SSL. If you are, IIS cannot determine the hostname and you will most likely have to use a dedicated IP address for your site. In that scenario, user608576's solution will work. Although, I would put that code in your Global.asax
file:
这里的例外情况是您使用SSL。如果是,IIS无法确定主机名,您很可能必须为您的站点使用专用IP地址。在那种情况下,user608576的解决方案将起作用。虽然,我会将该代码放在您的Global.asax文件中:
<%@ Application Language="C#" %>
<script runat="server">
void Application_BeginRequest(Object sender, EventArgs args)
{
HttpRequest request = HttpContext.Current.Request;
HttpResponse response = HttpContext.Current.Response;
if( (request.Url.Host != "example.com") && (request.Url.Host != "www.example.com") )
{
response.Clear();
response.Write("Unauthorized domain name: " + request.Url.Host);
response.End();
}
}
</script>
#5
1
As a temporary fix you can do this . May be on home page load or BeginRequest .
作为临时修复,您可以执行此操作。可能在主页加载或BeginRequest上。
if(!Request.Url.Host.ToLower().contains("mysite.com")){
Response.Redirect("error.html");
}
#6
0
If i remember right when i last check my sites cpanel i saw a feature that stopped redirections to my domain if checked. I´m using Hostso as my host so check their test cpanel for it.
如果我记得我上次检查我的网站cpanel时,我看到一个功能,如果选中,则停止重定向到我的域。我使用Hostso作为我的主机,所以检查他们的测试cpanel。
Hope it helps alittle atleast :)
希望它至少可以帮助:)
Fredrik wirth
弗雷德里克
#7
0
if you want to handle in code then do it in Global.asax in BeginRequest as below
如果你想在代码中处理,那么在BeginRequest中的Global.asax中执行它,如下所示
void Application_BeginRequest(object sender, EventArgs e)
{
if (!context.Request.Url.Host.ToLower().Equals("www.mydomain.com"))
{
context.Rewritepath("/invalidpage.aspx");
}
}
The other simple way is to specify a host headers in IIS for your website.
另一种简单的方法是在IIS中为您的网站指定主机头。
http://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx Note: I am writing through my mobile so consider spelling mistakes
http://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx注意:我正在通过手机写作,所以考虑拼写错误