Block access to subdirectory using Web.config

asp.net iis-7

I have a subdirectory in my ASP.NET project that contains utility files. They're needed by the code at run time, but I don't want them to be visible over the web.

What is the syntax in a Web.config file to block access to all users to a single subdirectory and all its contents?


IIS 7 has a new "request filtering" feature. You probably want to use the hidden segments configuration:

<configuration>
 <system.webServer>
  <security>
   <requestFiltering>
    <hiddenSegments>
     <add segment="BIN"/>
    </hiddenSegments>
   </requestFiltering>
  </security>
 </system.webServer>
</configuration>

This causes http://yoursite/bin to not be servable (but http://yoursite/binary still works)

Check out: http://learn.iis.net/page.aspx/143/how-to-use-request-filtering


Your problem is that if IIS simply returns the files ASP.Net will never get a chance to interfere. I believe it can be done by enabling forms based authentication and considerable messing around, but I would simply move the files outside the wwwroot folder.

JR

Related

should use sudo or just su root in server management?
How to find the bottleneck while transferring huge files between 2 hosts
What is Zend Server for?
Is RAID 0 or JBOD better for home media server? [closed]
How do I restart Apache on Windows? "Apache -k restart" gives error "No installed service named "Apache2"
Launch different Powershell console from a console?
Do you use different wallpaper or background colors for dev, production servers?
Why does the Debian Lenny git package not install git?
Anyone used MySQL Forks in Production
Difference between server-grade RAM and desktop-grade RAM?
How can I disconnect from openvpn in windows via command line?
How to count unique values?