Restrict IIS virtual directory to specific HTTP host header?

Question

I have a website setup in IIS with 2 HTTP Headers (www.mysite.com and [blank]).

There is a virtual directory called 'blog' which points to a WordPress site - this is accessed via www.mysite.com/blog/

Any other requests (e.g. www.site1.com, www.site2.com, something.mysite.com) are handled by the same site (using the [blank] header) and rewrite rules to display the necessary information.

The problem is I don't want /blog/ to be available to anything other than www.mysite.com, as presently I can access it with any of the following:

www.site1.com/blog/ something.mysite.com/blog/

This is because we are also using BlogEngine (for user blogs) and if they set their blog directory to be 'blog' then it clashes with the WordPress one.

Ideally I'd like to be able to add a host header to the virtual directory, but can't find a way to do that, so looking for any other solutions (other than moving the WordPress blog).

Thanks in advance

Answer 1

You can prevent browsing to /blog on non-www.mysite.com sites using a UrlRewrite rule:

<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
  <match url="*" />
  <conditions logicalGrouping="MatchAll">
    <add input="{URL}" pattern="/blog*" />
    <add input="{HTTP_HOST}" pattern="www.mysite.com" negate="true" />
  </conditions>
  <action 
      type="CustomResponse" statusCode="403" 
      statusReason="Forbidden: Access is denied." 
      statusDescription="You do not have permission to view this directory or page." />
</rule>