ayilmaz ayilmaz - 1 month ago 7
ASP.NET (C#) Question

How to make a folder and its content inaccessible via HTTP

I have a folder called "Template" in my project and want to make it inaccessible via HTTP. I added a web.config file. It makes the folder inaccessible but users can access any content in the folder.

They cannot access "Template" folder, but they can access "Template\index.html"

here is my web.config.

<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>


how can I make the contents inaccessible?

Answer

This can be achieved by IIS Request filters. The same way the bin content is inaccessible for browsing.

Under the system.webserver section add the following. There I have enabled directory browsing just to check that even though the directory browsing is enabled users can't browse files in "Template" folder.

Set <directoryBrowse enabled="false" /> if directory browsing is not required.

<?xml version="1.0"?>
<configuration>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="Template" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webserver>
</configuration>

For more information refer this post.

Comments