tags:

views:

36

answers:

3

I know that by default IIS won't serve App_Data or bin folder content to the public.
How do I set one more folder not to be served to the public?

+1  A: 

Remove IIS_IUSR permissions from that folder.

I think it's generically under the "Internet Guest Account"

castis
If you do that, you may also be blocking any ability to access those files via the web application at all, which is probably not what is intended.
Andrew Barber
Removing the IIS_IUSR will work in my case. I want to save users' uploads there. Right now I am saving them somewhere outside the website folder on the C: drive, and this uploads folder does not have IIS_IUSR permission, and I can still access it from my website code.
Amr ElGarhy
+1  A: 

The proper way to do that is using this:

<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <hiddenSegments>
                    <add segment="My_Directory" />
                </hiddenSegments>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>

This allows you to still access files located there from the IUSR account, but prevents actual requests for files there from being filled directly.

Note that this will block files in that directory, and any subdirectories, no matter where that directory occurs - even if it, itself, is a sub-directory of something else.

Andrew Barber
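
The matching rule described in the answer above, as an added example (not code from the original answer or from IIS): it reads the `hiddenSegments` list from that web.config and reports which request paths contain a hidden segment. The function names and sample URLs are constructed for illustration, and the case-insensitive, path-only comparison is an assumption of this simplified model.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The web.config from the answer, embedded so the example runs offline.
WEB_CONFIG = """<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <hiddenSegments>
                    <add segment="My_Directory" />
                </hiddenSegments>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>"""


def hidden_segments(config_xml):
    """Collect the segment names listed under <hiddenSegments>, lower-cased."""
    root = ET.fromstring(config_xml)
    return {add.get("segment", "").lower()
            for hs in root.iter("hiddenSegments")
            for add in hs.findall("add")} - {""}


def is_hidden(url, segments):
    """True if any whole path segment equals a hidden segment.
    Assumption of this model: comparison is case-insensitive and only
    the URL path is examined, not the query string."""
    path = urlsplit(url).path
    return any(part.lower() in segments for part in path.split("/") if part)


def audit(urls, config_xml):
    """Map each URL to True (request refused) or False (request served)."""
    segments = hidden_segments(config_xml)
    return {url: is_hidden(url, segments) for url in urls}


# Constructed sample requests.
SAMPLE_URLS = [
    "/My_Directory/report.pdf",           # direct request into the folder
    "/app/uploads/My_Directory/a.png",    # same name nested deeper: still matched
    "/My_Directory_old/a.png",            # different segment: not matched
    "/download?file=My_Directory/a.png",  # served by application code
    "/uploads/a.png",
]

if __name__ == "__main__":
    for url, blocked in audit(SAMPLE_URLS, WEB_CONFIG).items():
        print(("BLOCKED " if blocked else "served  ") + url)
```

Because the match is on the segment name wherever it occurs, pick a folder name that no legitimate public path reuses.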