Reputation: 25551
Stop IIS from serving files in virtual directory
I have a virtual directory (called "File") setup for my web application. The directory is used to house user file uploads as well as official downloads that we offer.
I want to prevent any file from the "File/UserUpload" directory from ever being served up to a user. It would be pretty difficult (i.e. it will never happen) for a user to come up with the proper filename to request a file since the files are created with a GUID, but I'd like to disallow it nonetheless.
How can I stop IIS from serving files in the virtual directory?
Upvotes: 0
Views: 2349
Answers (1)
Reputation: 18162
Add a web.config file to the directory which denies all users access to the directory.
It should look something like this:
IIS 7:
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
</authorization>
</security>
</system.webServer>
Here is another SO post which may be helpful: https://serverfault.com/questions/72680/iis7-how-to-block-access-with-a-web-config-file
Upvotes: 1
Related Questions
- Removing Virtual Directory From IIS
- IIS path issue when using virtual directory
- How do you disable a virtual directory under IIS?
- HttpHandler to protect files in a virtual directory
- IIS7 Virtual Directory Redirects
- IIS Virtual directory
- IIS7 Creating Virtual Directory to files on another server
- Setting up a virtual directory on IIS7
- virtual directory asp.net 4.5
- ASP.NET and Virtual Directories