If you are currently using Request ("ParameterName") to retrieve the parameters, you should go to Request.Form ("ParameterName"), which will only receive the parameter if it was POSTED.
Alternatively, you can find the method used to access the page from the Request.ServerVariables collection and end the script if it is not POST. Here is an example:
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then Response.End
I noticed that you also said that you only want to receive messages from your server. The above changes will still allow you to configure another web page to POST to your page. If you want only your web page to be able to post, you will need to add extra protection. Here is one way to do it.
1) When you create your form, create random numbers and create a session variable called a random number with a value that needs to be checked later.
Randomize strVarName = Int((999999 - 100000 + 1) * Rnd() + 100000) Session(strVarName) = "Authorised"
2) In your form, add a hidden field with a random number value.
<input type="hidden" name="varname" value="<%= strVarName %>" />
3) In the script that processes the published form, gets the value of the hidden field.
strVarName = Request.Form("varname")
4) Make sure the session variable is set and set to True.
If Session(strVarName) <> "Authorised" Then 'Failed! Either show the user an error message or stop processing Response.End End If
5) Delete the session variable to resubmit the same form.
Session.Items.Remove(strVarName)
You do not need a random number, but its use means that the same user can open several forms in different windows / tabs, and each of them will work.