Deny access on particular folder in IIS 7 in php application

Question

Hi,

I'm having an PHP application running on IIS7. I want to secure particular folder by modifying web.config. I don't want to use tag in config as this will redirect users to login page. Rather then, I'd like to implement HttpNotFoundHandler.

Say for example, http://domain.com/SecureFolder is the directory on which I want to implement HttpNotFoundHandler. When user try to access that folder, the 404 page should be displayed.

The secured folder can only be accessed via sub domain. Below is the config file which I'm trying to do the needful but that is not working.

  <?xml version="1.0"?>
  <configuration>
    <connectionStrings />
    <appSettings />
    <system.web>
      <customErrors mode="RemoteOnly"></customErrors>
      <httpHandlers>
        <add path="~/securefolder" verb="*" type="System.Web.HttpNotFoundHandler" validate="true"/>
      </httpHandlers>
    </system.web>
  </configuration>

Thanks in advance,

Pravesh

Answer 1

You're going to want a wildcard mapping. Check out: http://blogs.iis.net/ruslany/archive/2008/09/30/wildcard-script-mapping-and-iis-7-integrated-pipeline.aspx

From there, you can parse the url and determine whether you should throw a 404 or not.

Answer 2

You can use the URL Rewrite Module to write a custom response action.

CustomResponse action causes the URL rewrite module to respond to the HTTP client by using a user-specified status code, subcode, and reason. Usage of CustomResponse action implies that no subsequent rules will be evaluated for the current URL, after this action is performed.

Answer 3

Shouldn't path be something like path="securefolder/*.*"?

I have that working on IIS6, but still file extensions not assigned to ASP.NET ISAPI filter are served by IIS (i.e. *.txt) so I had to assign .txt to the ASP.NET ISAPI filter on IIS.