• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

We would like to set IIS up to not allow a succession of downloads to protect the downloading of our physcical files

What is the configuration utility within IIS that can limit or stop a user from downloading your sites?

How do you use this configuration utility?
1 Solution
>  What is the configuration utility ... that can limit or stop a user from downloading your sites?
unplug your server from the network
or shutdown the web server
or do not use any pages with content at your web server

sorry, but a web server's content is public by definition
If you don't want that someone is reading/copying/downloading it, simply don't publish
If you want that only authorized person can access it, then protect your side with username/password
This tool may be of use to you :-


As ahoffmann quite rightly says if you have anything you really want to protect dont put in your web server.

Every time that you visit a webpage then you are downloading files from that site no matter whether you choose "save" or not. This is just how your computer and the Internet work...your computer automatically downloads the files....ie: tempoary internet folder.  

Agree totally with the above comments. The web is PUBLIC and when you publish stuff to it then you make it PUBLIC. If someone really wants your source code/images then they can get them. The best thing to do is to watermark any of your photos, etc and just realise that if you put it out there then anyone can get it.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LorneBacklerAuthor Commented:
somebody suggested that you can program against isapi filters

what exactly are you trying to restrict? users making multiple connections? bandwidth restrictions? hacking attempts?

im assuming you would like somekind of defense. something that you can define rules for and then a person would be kicked off the server for violation of these rules.
i would reccomend HTTP://WWW.SNORT.ORG
LorneBacklerAuthor Commented:
basically i want to restrict access to an ip who requests more than 12 requests in a minute etc.

and block access forever to that ip.

AFAIK IIS cannot do this, you need a firewall for that
get an old i386 out of your trash corner, install a bare linux and use it as firewall with iptables, and ready you go
LorneBacklerAuthor Commented:
> read this
hmm, as I assumed: IIS cannot do it. But the other question shows that you can write plugins to do it.

LorneBackler, does this mean that this question here in Security TA was the same as the one in IIS TA?
The question is answered then?
LorneBacklerAuthor Commented:
yes sort of  but i am still working on it

i have to program against isapi filter.

I posted here becuase i was not sure exactly where to post.

thanks a lot

i will question back if i am stuck somewhere.

thanks for your help
LorneBacklerAuthor Commented:
yes i agree
PAQed and 500 points refunded
Solution/reason see http:#13842931

{{ wearing my Page Editor hat -- ahoffmann }}

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now