Deny IIS6 web request based on URL parameters?
- by user21146
I've got a legacy app running a third-party ecommerce system under IIS6. Some spammers recently discovered a bad security vulnerability in one of the store's forms, which are allowing them to send arbitrary emails from our system. Unfortunately, this store "feature" is built into the default.aspx page's code-behind and I have no way to disable it without shutting down the store.
How can I filter out URL request with a given querystring parameter? ie, I want to filter out requests to:
http://www.mysite.com/store/?id=SendSpam
based on the "SendSpam" string.