Reputation: 49
Restrict File Access From URL
I have a site developed in ASP.NET which is hosted.Now in my site there is folder known as "upload" in which some .rar files are saved for private use.When I directly type the url, the file gets downloaded. Say suppose the file is at "http://www.mathew.com/uploads/mine.rar",if i type the url in the browser and hit enter,it downloads the file even though directory listing is not there.
I want to restrict this..How can I achieve it. Thanks, Mathew
Upvotes: 3
Views: 2068
Answers (1)
Reputation: 13286
You can restrict that by authorization. Put a web.config file in this folder with:
<configuration>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
EDIT :
This won't work since rar files are not handled by asp.net, so in addition you need to add a handler for asp.net treat rar files like aspx files:
For classic mode:
<system.web>
<httpHandlers>
<add verb="*" path="*.rar" type="System.Web.UI.PageHandlerFactory" />
</httpHandlers>
</system.web>
For integrated mode (default for iis 7.5 and VS 2012)
<system.webServer>
<handlers>
<add name="rar" path="*.rar" verb="*" type="System.Web.UI.PageHandlerFactory"/>
</handlers>
</system.webServer>
Upvotes: 6
Related Questions
- Prevent direct access to files on IIS server
- How to prevent users from accessing files directly in the website root Directory
- How to Prevent direct access to files and folders in asp.net?
- How to restrict folder access in asp.net
- Allow unauthorized users from specific IP/Domain only for some directories using <location path="XXX"> tag in web.config
- HttpHandler to protect files in a virtual directory
- Block visitors access to specific folder in asp.net
- ASP.NET Protect files inside folder
- Deny access to directory in IIS 6.0
- Restricting public access to a file on an ASP.NET site