[I posted a similar question on serverfault.com, but had very little feedback so trying here]
I can do this just fine under Apache with htaccess. But at work its all M$ all the time...
I need to lock off access to any .fla files that might come up on a virtual host. We keep them next to the few .swf we use on some of our sites, I just want to be sure they are not being downloaded by people or spiders that may scrape the site.
There isn't really anything sensitive in the fla's but I'd rather keep them in the same folder and have them forbidden to downloaders.
I've tried the MIME type route (check if MIME type is defined under HTTP Headers > MIME Types, remove if it was, etc;), but there is no FLA defined, but I can still download the file by default. I recall this was the opposite if you WANTED to serve .flv files, but not .fla's
I cannot do a Web.Config approach (at least I don't think I can) as it is not an ASP.NET site... so I am not sure.
I don't want to install any apps (as this is a production system).
Thanks appreciate any feedback.
MY SOLUTION:
Thanks to being pointed in the right direction, I got this working the way I wanted (hopefully correctly), for anyone needing this solution as well, here is what I did:
Select your website under IIS > Properties > Home Directory (tab) > Configuration (button) > Mappings (tab) > Click Add (button)
Executable: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
Extension: your extension here
Verbs: (ALL or POST/GET/etc;)
[x] Script Engine (checked)
[x] Vefiry file exists (checked)