Block access to subdirectory using Web.config

asp.netiis-7

I have a subdirectory in my ASP.NET project that contains utility files. They're needed by the code at run time, but I don't want them to be visible over the web.

What is the syntax in a Web.config file to block access to all users to a single subdirectory and all its contents?

Best Answer

IIS 7 has a new "request filtering" feature. You probably want to use the hidden segments configuration:

<configuration>
 <system.webServer>
  <security>
   <requestFiltering>
    <hiddenSegments>
     <add segment="BIN"/>
    </hiddenSegments>
   </requestFiltering>
  </security>
 </system.webServer>
</configuration>

This causes http://yoursite/bin to not be servable (but http://yoursite/binary still works)

Check out: http://learn.iis.net/page.aspx/143/how-to-use-request-filtering

Best Answer

Related Solutions

Continuing permissions issues – ASP.net, IIS 7, Server 2008 – 0x80070005 (http 500.19) error

Configure ASP.NET Application to Read Mapped Network Drive

Related Topic