Reputation: 23113
I added the following to my web.config so users cannot download my plugins:
<system.webServer>
  <security>
    <requestFiltering>
      <hiddenSegments>
        <add segment="Plugins" />
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>
Now I have the problem that not only domain.com/Plugins/MyPlugin.dll is blocked, but also domain.com/Scripts/ckeditor/plugins/ckplugin.js.
Is there a way to configure a hiddenSegment to only affect the root directory?
Upvotes: 3
Views: 4337
Reputation: 549
I've made some additional modifications on top of Christoph's answer to suit my use case, but I will leave this here for future reference.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- Make sure this directory cannot be served. -->
  <location path="Plugins"> <!-- Change this to your path -->
    <system.webServer>
      <handlers>
        <add name="DisallowServe" path="*.*" verb="*" type="System.Web.HttpNotFoundHandler" /> <!-- Return 404 instead of 403 -->
      </handlers>
    </system.webServer>
  </location>
</configuration>
Upvotes: 2
Reputation: 23113
I solved this via a web.config inside my plugins folder, where I block *.dll files from being downloaded:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="Plugins*.dll_*" path="*.dll" verb="*" type="System.Web.HttpForbiddenHandler" />
      <add name="Plugins*.pdb_*" path="*.pdb" verb="*" type="System.Web.HttpForbiddenHandler" />
    </handlers>
  </system.webServer>
</configuration>
Upvotes: 2
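An added example, not part of any post above: a pre-deployment check that reads the hiddenSegments entries from a web.config and lists the site paths they would hide outside the intended root folder. The matching rule is a simplified model of the behaviour reported in the question (whole segment, case-insensitive, at any depth); the function names and the sample paths other than the two from the question are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The requestFiltering block from the question, wrapped in <configuration>.
WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="Plugins" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>"""

# Constructed sample paths; the first two are the ones named in the question.
SAMPLE_PATHS = [
    "/Plugins/MyPlugin.dll",
    "/Scripts/ckeditor/plugins/ckplugin.js",
    "/Scripts/site.js",
    "/plugins.html",
]

def hidden_segments(config_xml):
    """Return the lower-cased segment names listed under <hiddenSegments>."""
    root = ET.fromstring(config_xml)
    return {a.get("segment", "").lower() for a in root.findall(".//hiddenSegments/add")}

def path_segments(url):
    """Split the path part of a URL into lower-cased segments."""
    return [s.lower() for s in urlsplit(url).path.split("/") if s]

def hit_depth(url, hidden):
    """Depth of the first whole segment that is hidden, or None if none matches."""
    return next((i for i, s in enumerate(path_segments(url)) if s in hidden), None)

def in_location_scope(url, location_path):
    """True if the path lies under the root-relative folder of a <location path=...>."""
    prefix = [s.lower() for s in location_path.split("/") if s]
    return path_segments(url)[:len(prefix)] == prefix

def collateral(config_xml, urls, intended_root):
    """Paths hidden by a segment rule although they are outside the intended folder."""
    hidden = hidden_segments(config_xml)
    return [u for u in urls
            if hit_depth(u, hidden) is not None and not in_location_scope(u, intended_root)]

if __name__ == "__main__":
    for path in collateral(WEB_CONFIG, SAMPLE_PATHS, "Plugins"):
        print("hidden outside /Plugins:", path)
```

An empty result for the site's real path list means the segment rule hides only the intended folder; any entry it returns is a path that needs a scoped rule like the ones in the answers instead.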