Ping a Specific Port

Question

Joel Spolsky

Asked: 2009-07-09 08:01:55 +0800 CST2009-07-09 08:01:55 +0800 CST 2009-07-09 08:01:55 +0800 CST

Block access to subdirectory using Web.config

772

I have a subdirectory in my ASP.NET project that contains utility files. They're needed by the code at run time, but I don't want them to be visible over the web.

What is the syntax in a Web.config file to block access to all users to a single subdirectory and all its contents?

4 Answers

Voted

MattB · Answer 1 · 2009-07-09T08:28:25+08:00

Best Answer

MattB

2009-07-09T08:28:25+08:002009-07-09T08:28:25+08:00

IIS 7 has a new "request filtering" feature. You probably want to use the hidden segments configuration:

<configuration>
 <system.webServer>
  <security>
   <requestFiltering>
    <hiddenSegments>
     <add segment="BIN"/>
    </hiddenSegments>
   </requestFiltering>
  </security>
 </system.webServer>
</configuration>

This causes http://yoursite/bin to not be servable (but http://yoursite/binary still works)

Check out: http://learn.iis.net/page.aspx/143/how-to-use-request-filtering

16

John Rennie · Answer 2 · 2009-07-09T08:19:39+08:00

John Rennie

2009-07-09T08:19:39+08:002009-07-09T08:19:39+08:00

Your problem is that if IIS simply returns the files ASP.Net will never get a chance to interfere. I believe it can be done by enabling forms based authentication and considerable messing around, but I would simply move the files outside the wwwroot folder.

JR

1

John Rasch · Answer 3 · 2009-07-09T08:23:20+08:00

John Rasch

2009-07-09T08:23:20+08:002009-07-09T08:23:20+08:00

This should work:

<configuration>
  <location path="FolderName">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

0

Ryan Teh · Answer 4 · 2020-11-23T23:57:28+08:00

Ryan Teh

2020-11-23T23:57:28+08:002020-11-23T23:57:28+08:00

MattB's solution will work, but if you have the same folder name in other sub directories, those sub directories will not work.
You could try the following.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- Make sure this directory cannot be served. -->
  <location path="Plugins"> <!-- Change this to your path -->
    <system.webServer>
      <handlers>
        <add name="DisallowServe" path="*.*" verb="*" type="System.Web.HttpNotFoundHandler" /> <!-- Return 404 instead of 403 -->
      </handlers>
    </system.webServer>
  </location>
</configuration>

0

Block access to subdirectory using Web.config

Ping a Specific Port

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What's the command-line utility in Windows to do a reverse DNS look-up?

How to check if a port is blocked on a Windows machine?

What port should I open to allow remote desktop?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?