ayilmaz ayilmaz - 8 months ago 34
ASP.NET (C#) Question

How to make a folder and its content inaccessible via HTTP

I have a folder called "Template" in my project and want to make it inaccessible via HTTP. I added a web.config file. It makes the folder inaccessible but users can access any content in the folder.

They cannot access "Template" folder, but they can access "Template\index.html"

here is my web.config.

<?xml version="1.0"?>
<deny users="*"/>

how can I make the contents inaccessible?


This can be achieved by IIS Request filters. The same way the bin content is inaccessible for browsing.

Under the system.webserver section add the following. There I have enabled directory browsing just to check that even though the directory browsing is enabled users can't browse files in "Template" folder.

Set <directoryBrowse enabled="false" /> if directory browsing is not required.

<?xml version="1.0"?>
    <directoryBrowse enabled="true" />
          <add segment="Template" />

For more information refer this post.