Redirection is a powerful feature that you can use to efficiently structure and control access to your applications. For instance, if you have created an Intranet application for your company and wish to restrict access so that only your employees can access it, you could use the Response.Redirect method to divert unwanted visitors back to the public pages of your Intranet site. This example demonstrates how you could implement this feature.
The sample script first fetches the specific server variable, HTTP_REFERER, from the collection ServerVariables provided by the built-in Request object, and checks to see if the request comes from a client browser's site that is considered safe. If the client browser is considered safe, the user is in luck and is allowed view to the contents of the page. If HTTP_REFERER doesn't match, however, Response.Redirect is called, and the client browser is sent to another site - www.microsoft.com in this case.
Note Response.Redirect, like several other methods, uses the HTTP headers of the response to communicate with the client browser. For this reason, it is generally required that methods such as these do their header changes before any HTML is sent, which means the statements must occur in the .asp file before the <HTML> tags. In this example, however, an alternative method is used. If buffering is enabled, as is the case in this example, the entire response should be accumulated in the response buffer before anything is sent. Therefore, Response.Redirect still works properly, even though it is in the middle of the file, because no HTTP headers have yet been sent to the client browser when the redirection is requested.
The VBScript and JScript versions of this script are available in the IIS samples directory, at ...\asp\interaction\Redirect_VBScript.asp and ...\asp\interaction\Redirect_JScript.asp.