We would like to set IIS up to not allow a succession of downloads to protect the downloading of our physcical files

What is the configuration utility within IIS that can limit or stop a user from downloading your sites?

How do you use this configuration utility?
Who is Participating?
PAQed and 500 points refunded
Solution/reason see http:#13842931

{{ wearing my Page Editor hat -- ahoffmann }}
>  What is the configuration utility ... that can limit or stop a user from downloading your sites?
unplug your server from the network
or shutdown the web server
or do not use any pages with content at your web server

sorry, but a web server's content is public by definition
If you don't want that someone is reading/copying/downloading it, simply don't publish
If you want that only authorized person can access it, then protect your side with username/password
This tool may be of use to you :-


As ahoffmann quite rightly says if you have anything you really want to protect dont put in your web server.

How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Every time that you visit a webpage then you are downloading files from that site no matter whether you choose "save" or not. This is just how your computer and the Internet work...your computer automatically downloads the files....ie: tempoary internet folder.  

Agree totally with the above comments. The web is PUBLIC and when you publish stuff to it then you make it PUBLIC. If someone really wants your source code/images then they can get them. The best thing to do is to watermark any of your photos, etc and just realise that if you put it out there then anyone can get it.
LorneBacklerAuthor Commented:
somebody suggested that you can program against isapi filters

what exactly are you trying to restrict? users making multiple connections? bandwidth restrictions? hacking attempts?

im assuming you would like somekind of defense. something that you can define rules for and then a person would be kicked off the server for violation of these rules.
i would reccomend HTTP://WWW.SNORT.ORG
LorneBacklerAuthor Commented:
basically i want to restrict access to an ip who requests more than 12 requests in a minute etc.

and block access forever to that ip.

AFAIK IIS cannot do this, you need a firewall for that
get an old i386 out of your trash corner, install a bare linux and use it as firewall with iptables, and ready you go
LorneBacklerAuthor Commented:
> read this
hmm, as I assumed: IIS cannot do it. But the other question shows that you can write plugins to do it.

LorneBackler, does this mean that this question here in Security TA was the same as the one in IIS TA?
The question is answered then?
LorneBacklerAuthor Commented:
yes sort of  but i am still working on it

i have to program against isapi filter.

I posted here becuase i was not sure exactly where to post.

thanks a lot

i will question back if i am stuck somewhere.

thanks for your help
LorneBacklerAuthor Commented:
yes i agree
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.