• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 370
  • Last Modified:

Control anonymous download from public FTP server

I may be going mad but, I'm sure IIS used to have 3 permissions for ftp sites, Read, Write and LIST.

I want to have a public FTP site for customers to get files from, but without list access to the download folder.  Ideally they will receive a hyperlink to the specific file they need, say ftp.mywork.com/public/yourfile.zip, so that can download that file but can't see any other files in the folder.

The upload folder is easy, I have just granted Write access without read so they can't see the files in there. but the DL folder is doing my head in.  Is this possible at all in MS FTP now? if there a 3rd party solution (V.cheap to free as I have no budget) I could use if MS won't do it

I'm using MS server 2003 with IIS6, all up to date with SPs and hotfixes
0
acmp
Asked:
acmp
  • 4
  • 4
1 Solution
 
woolmilkporcCommented:
Hi,
I've found an interesting article for you. I'm no IIS expert at all, but if I understand things on page 2 right, there does exist a directory browsing/listing permission.
Remains to find out where to set it ...
 
wmp
0
 
acmpAuthor Commented:
Thanks for the reply woolmilkporc,

I need a little more info though...

can you link the article please and I'm not too sure what you mean/where you are with Page 2, can you explain.

Thanks in advance
0
 
woolmilkporcCommented:
Oh sorry, I've been distracted ... here's the link -
 
http://windowsitpro.com/Windows/Articles/ArticleID/19773/pg/1/1.html 
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
woolmilkporcCommented:
... possibly this one wil help do the trick -
http://www.iisanswers.com/Blind_drop_ftp.htm
 
0
 
acmpAuthor Commented:
thanks wmc,

I think you've confirmed my suspicions, that I USED to be able to control list access prior to IIS6 but it isn't there anymore.  The settings referred to in the article are just not there in IIS6 and I don't know why they have gone.

Any thoughts anyone?
0
 
woolmilkporcCommented:
... here another article,
covering exactly what you asked, and at the bottom is says 'applies to ... IIS 6.0'!
http://support.microsoft.com/default.aspx?scid=kb;[LN];314932
wmp
 
 
0
 
acmpAuthor Commented:
Works well.  

Not an ideal fix from MS but I can work wit it.

Thanks for you help
0
 
acmpAuthor Commented:
I'm happy to grade you at all A's
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now