I have a directory of text files on IIS. I would like this directory to be hidden.
I have set the web.config as follow:
<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.web> <authorization> <deny users="*" /> <!-- Denies all users --> </authorization> </system.web> </configuration>
But I can still see a full directory listing of the files, as well as access the files over the web.
What am i setting wrong?
I have tried this too:
<system.webServer> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" roles="Administrators" /> </authorization> </security> </system.webServer>
But that too didn’t help me
The system.web node only affects asp.net files, *.txt files are not affected by it.
To hide the files from all users there are several ways in IIS 7.x, here are two:
In the web.config inside the directory in question:
<system.webServer> <security> <requestFiltering> <fileExtensions> <add fileExtension=".txt" allowed="false" /> </fileExtensions> </requestFiltering> </security> </system.webServer>
<system.webServer> <security> <requestFiltering> <hiddenSegments> <add segment="directoryname" /> </hiddenSegments> </requestFiltering> </security> </system.webServer>
The first one hides all text files, the second one hides the whole url path, both return 404s to the user.
If you want to allow certain users to access the files, these methods wont work. What kind of authentication are you using?
No related posts.
Leave a comment
- Cron expression that runs every 5 minutes from 1:30 am – 6:00 am [duplicate]
- Understanding redundant power supplies
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?