I have several files on my ASP.NET site that are for use solely by the application. Currently, they can be viewed in a browser by just using the URL. Is there a way to prevent this without actually moving the file or do I need to move the files to a different directory, such as _private?
-
If you are able to install software on the server, you can install Microsofts URLScan for IIS to restrict what files IIS will serve. This will be for the whole server however, rather than just the application.
You should also be able to do so on a site basis, using the web.config file, the details are here, they are for IIS 5 and .net 1.1 but the principal is the same.
Jeff Yates : Thanks. I'll try this out.Jeff Yates : The web.config file change was sufficient for the particular problem - thanks! (I'll upvote when I have better rep)From Sam Cogan -
Use the IIS Manager to block them individually by navigating to the file, right clicking on it, and removing the check from the read checkbox.
OR
Use IIS manager to create a rule for a file type (see this web page: support.microsoft.com/kb/815152)
From David Yates
0 comments:
Post a Comment