views:

125

answers:

1

[I posted a similar question on serverfault.com, but had very little feedback so trying here]

I can do this just fine under Apache with htaccess. But at work its all M$ all the time...

I need to lock off access to any .fla files that might come up on a virtual host. We keep them next to the few .swf we use on some of our sites, I just want to be sure they are not being downloaded by people or spiders that may scrape the site.

There isn't really anything sensitive in the fla's but I'd rather keep them in the same folder and have them forbidden to downloaders.

I've tried the MIME type route (check if MIME type is defined under HTTP Headers > MIME Types, remove if it was, etc;), but there is no FLA defined, but I can still download the file by default. I recall this was the opposite if you WANTED to serve .flv files, but not .fla's

I cannot do a Web.Config approach (at least I don't think I can) as it is not an ASP.NET site... so I am not sure.

I don't want to install any apps (as this is a production system).

Thanks appreciate any feedback.


MY SOLUTION:

Thanks to being pointed in the right direction, I got this working the way I wanted (hopefully correctly), for anyone needing this solution as well, here is what I did:

Select your website under IIS > Properties > Home Directory (tab) > Configuration (button) > Mappings (tab) > Click Add (button)

Executable: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

Extension: your extension here

Verbs: (ALL or POST/GET/etc;)

[x] Script Engine (checked)

[x] Vefiry file exists (checked)

+2  A: 

IIS > Web Site > Properties > Home Directory tab > Configure button > Mappings > Add button

Executable: C:\WINDOWS\system32\inetsrv\404.dll

Extention: .ext

Verbs: (don't think this matters)

[ ] Script engine

[ ] Check that file exists

Byran
I can't find 404.dll.. could it be that I need this IISLockdown wizard?
Jakub
I copied the executable path from an existing mapping rule. I believe it was for '.shtml'.
Byran