Limiting web browsing to certain folders

At our company web site we have a folder where we keep information and executables that are used by our software. While we need to have our programs to have access to the folder and its contents, we’d like to prevent clever users from being able to type the address of a file directly into their browser and thereby downloading the file. Is there a folder property I could set at the web server that would accomplish this?
efzAsked:
Who is Participating?
 
gfdosCommented:
I don't think that is possible -- If someone knows the name of the file they can download it.....

How would your programs being accessed in the field be able to run these files, if they couldn't download them before running them?
0
 
gfdosCommented:
if the files are stored on a linux infrastructure you would use the .htaccess file in the directory:
http://www.javascriptkit.com/howto/htaccess11.shtml

are you using linux or windows for your web server?
0
 
gfdosCommented:
for windows check out this:
http://learn.iis.net/page.aspx/557/translate-htaccess-content-to-iis-webconfig/

specifically the section titled "Directory Browsing"
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
efzAuthor Commented:
Many thanks for your speedy response. Your suggestions seems like just what I need. If I understand correctly I insert the line

        <directoryBrowse enabled="true" />

in the web.config file located in the sites root folder. What I don't understand is how this command is applied to one folder in particular. Visitors should be able to browse most of the site, no? I only wish to preclude them from a particular folder. The "directoryBrowse" directive seems to apply to the entire site doesn't it?
0
 
efzAuthor Commented:
There's a typo in my earlier comment. The directoryBrowse enabled value is supposed to be "false".

When I inserted that line into the web.config file, I was unable to browse any page of the web site without getting an error.

What's the secret?
0
 
gfdosCommented:
with linux you can change it at any level -- since it is handled by .htaccess file at each folder.

The default for windows is off at all levels, so its kind of strange it was on for you....
Normally you dont want people to be able to browse your web directories at all.

Note: " The enabled attribute determines whether directory browsing is enabled for the site, application, or directory."
(from http://www.iis.net/ConfigReference/system.webServer/directoryBrowse)
Yet it doesn't have any instruction on how to re-enable it for a specific application or directory.

The default accepted way is to disable is altogether.
Is there a application or directory you DO want browsing re-enabled for?
0
 
gfdosCommented:
The below shows how to enable it for an individual directory

<configuration>
  <location path="special_directory_name_here">
   <system.webServer>
    <directoryBrowse enabled="true" />
   </system.webServer>
  </location>
</configuration>

more info here:
http://blogs.iis.net/bills/archive/2008/03/24/how-to-enable-directory-browsing-with-iis7-web-config.aspx

0
 
efzAuthor Commented:
I'm on a Windows server by the way.

I should clarify my problem. We store executable files at our site:

http://www.mysite.com/afolder/myfile.exe

I was not being precise when I used the term "browsing". What you say is true, users by default cannot browse the "afolder", however they can download the myfile.exe file by typing the following line in their browser:

http://www.mysite.com/afolder/myfile.exe

My problem is that I need to be able to allow our programs begin used in the field to access these files (as they currently have been doing), but not allow users to download them directly by simply typing the path to the executable. Is that possible?
0
 
gfdosCommented:
Depending on what you are using them for, you could make the names of the .exe files less obvious, so someone couldn't GUESS the name of the file.... but if they know the file is called "lmnop.exe" they would be able to get it.....

Still "lmnop.exe" is less obvious than "myapp.exe"
0
 
efzAuthor Commented:
So be it. Please accept my sincere thanks for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.