Reputation: 57
Deny access to specific folder on azure
I recently migrated a rather large website to Azure.
I know it is not the best practice, but the site is configured to store confidential files within the content folder, which was configured as deny all in IIS.
However, when I try to add a web.config in said folder, Azure just ignores the deny entry when accessing files directly. I have tried different combinations of configs, nothing gives.
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
</authorization>
</security>
</system.webServer>
and
<security>
<ipSecurity allowUnlisted="false">
</ipSecurity>
</security>
However, if I upload an invalid web.config to the folder, the site throws an error and nothing is served.
Upvotes: 1
Views: 1127
Answers (1)
Reputation: 6868
You are going to have to move those files off the instance and put them somewhere else (blob storage is a good choice).
What you are doing won't work well at all in a web farm scenario. Storing files on a single instance for a web site is unworkable for webfarms without some really crazy workarounds. Although you could technically do this with a single persistent VM, you won't have a very scalable website running on a single instance.
Copy the files into blob storage and replace the direct calls to them with a method that checks security first and then streams and/or generates a SAS signature for the blob in storage.
Upvotes: 2
Related Questions
- Folder permission for Azure Web App For Linux
- How to disable App Service authentication for a path?
- Denying direct access to a folder (only allow through app)
- Azure App Service - How to set folder permission? (Window OS)
- Preventing Public Access of an Azure App Service app directory
- Securing MS Azure WebApp access at directory level?
- Azure - restrict access to app service only
- Folder permissions in Azure web sites
- Control access to web apps on Azure
- Deny access to a folder in ASP.NET