
Forum Moderators: brotherhood of lan & mack


Prevent User Typing Default Document in Address Bar

Prevent pages accessed by their filename



8:37 pm on Dec 16, 2008 (gmt 0)

5+ Year Member


I am trying to find out if I can prevent a user typing in www.[mydomain].com/default.asp into the browser.

The reason being that I would like to hide the fact that I am using "asp" as my scripting language.

www.[mydomain].com/ = OK. I will display the content.
www.[mydomain].com/default.asp = 404

I can handle this for any other page that is not a default document:

aParameters = Split(LCase(Request.ServerVariables("SCRIPT_NAME")), "/")
' Return a 404 when the last path segment names an .asp file
If InStr(aParameters(UBound(aParameters)), ".asp") > 0 Then
    Response.Status = "404 Not Found"
    Response.Write("404 Not Found")
End If

The problem is that root paths -
eg. www.[mydomain].com/ -
still return the script name -
eg. Request.ServerVariables("SCRIPT_NAME") = default.asp ...

I have no way of determining if a user includes the default document in the path or not.

Does anyone have a solution using ASP/VBScript for this?


9:48 pm on Dec 16, 2008 (gmt 0)

5+ Year Member

I am looking for a similar function to ASP.NET's Request.RawUrl


11:18 pm on Dec 16, 2008 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Not an asp guy myself, but the proper thing to do in this case is 301-redirect from default.asp to "/".

This way, if a search engine finds a link to your default.asp URL anywhere on the Web, it will be told to use "/" instead.

According to a quick search, it appears that the variable you want is "URL", not "SCRIPT_NAME"; the latter is the filepath that the URL resolves to, so it will always point to default.asp, whether the URL indicates a request for default.asp or "/".



2:13 am on Dec 17, 2008 (gmt 0)

5+ Year Member

Thank you Jim for your prompt response.

The property Request.ServerVariables("URL") returns the script name in the string; even though I navigated to the root address without specifying "default.asp"...

Address bar = "www.[mydomain].com/shop/"
Request.ServerVariables("URL") = "/shop/Default.asp"
Request.ServerVariables("SCRIPT_NAME") = "/shop/Default.asp"
Request.ServerVariables("PATH_INFO") = "/shop/Default.asp"

Explanations from DevGuru:
"URL" is the base portion of the URL.
"SCRIPT_NAME" is the virtual path to the calling script.
"PATH_INFO" is extra path information as given by the client.

(Having said that - I seem to get the result back for ALL three properties!)

Unfortunately it doesn't return "/shop/", which was what I was attempting to retrieve. The script name is always returned, not the true "raw" URL path that may have been entered into the address bar.

Therefore I believe this must be a limitation of the classic ASP Request.ServerVariables collection object. From what I understand ASP.NET can do this using a new collection property called "Request.RawUrl".
Refer to this thread: [webmasterworld.com...]

The whole purpose of this thread for me was to try and prevent a user identifying my technology used for my script language. With this limitation I cannot prevent the user from guessing the "default.asp" script name for my default documents. Maybe the solution to this lies in ISAPIREWRITE as my only option?

Moving along...in relation to your post and suggestion for handling 301-redirects; while I am unable to identify if the user types the script name into the browser or not (for default documents), how would I determine if I should perform a 301-redirect from "default.asp" to "/"?

My initial concern is that this could possibly cause a recursive loop, as I would have no idea if the address ends in "/" or "default.asp". Or am I missing something regarding 301-redirects or your suggestion?

I hope you understand :)


4:03 am on Dec 17, 2008 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

I do understand, as we get the same question over in the Apache forum on an almost daily basis. And the situation is much as you have written:

If you internally rewrite (using any means) from "/" to a named resource (default.asp in your case), you cannot then redirect a request for that named resource back to "/" without first checking that the request is happening as a result of a direct client HTTP request, and not as a result of an immediately-preceding internal server rewrite.

The two ways to prevent recursion are to check the client-requested URL and only do the redirect if the client directly-requested "default.asp", or to set a flag (local variable) when rewriting from URL "/" to filepath /default.asp, and then use that flag to inhibit the redirect.

When looking at asp server variables earlier, I noted that there is some kind of "dump all variables" call, which probably returns a string array with all the vars in it. You might try that, and then see if you can parse out the client-requested URL from that array.

On Apache this is easy, because it has the variable called THE_REQUEST which is the actual HTTP request header sent by the client, including the HTTP Method, the URL-path, and the HTTP protocol level, e.g.

GET /default.asp HTTP/1.1

But anyway, I'm just an Apache guy trying to help you get a little traction in this .asp thread at a general level... :)



7:35 am on Dec 17, 2008 (gmt 0)

5+ Year Member

Persistence pays off Jim.

I continued to scour the net and finally found a "not so conspicuous" ServerVariable that has returned the string that I needed.

For those of you interested in the solution:


When you iterate through the ServerVariables collection unfortunately this property is not listed.

Hope this helps someone, it has only taken 2 days of my life!
And thank you again Jim for your thoughts and suggestions.
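
The first loop-prevention approach described in the thread (redirect only when the client directly requested "default.asp"), as an added example that is not code from any poster. It assumes some server variable holds the client-requested path; the thread does not name it, so RAW_URL_VAR is a placeholder, and CanonicalTarget and DEFAULT_DOC are hypothetical names.

```vbscript
<%
' Added example. RAW_URL_VAR is a placeholder: the thread does not name the
' server variable that holds the client-requested path.
Const RAW_URL_VAR = "REPLACE_WITH_RAW_URL_VARIABLE"
Const DEFAULT_DOC = "default.asp"

' Returns the URL to 301 to, or "" when the request is already canonical.
Function CanonicalTarget(rawUrl)
    Dim path, query, qPos, lastSlash, fileName
    CanonicalTarget = ""
    path = rawUrl
    query = ""
    qPos = InStr(path, "?")
    If qPos > 0 Then
        query = Mid(path, qPos)          ' keep "?a=b" for the redirect
        path = Left(path, qPos - 1)
    End If
    lastSlash = InStrRev(path, "/")
    If lastSlash = 0 Then Exit Function  ' empty or not a path: do nothing
    fileName = Mid(path, lastSlash + 1)  ' "" when the path ends in "/"
    ' Only a path that literally names the default document is redirected,
    ' so a request for "/" (served by default.asp internally) never
    ' redirects to itself and no loop can form.
    If LCase(fileName) = DEFAULT_DOC Then
        CanonicalTarget = Left(path, lastSlash) & query
    End If
End Function

Dim target
target = CanonicalTarget(CStr(Request.ServerVariables(RAW_URL_VAR)))
If target <> "" Then
    ' Response.Redirect would send a 302, so the 301 is set by hand.
    Response.Status = "301 Moved Permanently"
    Response.AddHeader "Location", target
    Response.End
End If
%>
```

With a raw path of "/shop/Default.asp?id=7" the function returns "/shop/?id=7"; with "/shop/" it returns an empty string and the page renders normally.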

