?
Solved

Limiting web browsing to certain folders

Posted on 2011-05-06
10
Medium Priority
?
381 Views
Last Modified: 2012-05-11
At our company web site we have a folder where we keep information and executables that are used by our software. While we need to have our programs to have access to the folder and its contents, we’d like to prevent clever users from being able to type the address of a file directly into their browser and thereby downloading the file. Is there a folder property I could set at the web server that would accomplish this?
0
Comment
Question by:efz
  • 6
  • 4
10 Comments
 
LVL 3

Expert Comment

by:gfdos
ID: 35707822
if the files are stored on a linux infrastructure you would use the .htaccess file in the directory:
http://www.javascriptkit.com/howto/htaccess11.shtml

are you using linux or windows for your web server?
0
 
LVL 3

Expert Comment

by:gfdos
ID: 35707836
for windows check out this:
http://learn.iis.net/page.aspx/557/translate-htaccess-content-to-iis-webconfig/

specifically the section titled "Directory Browsing"
0
 

Author Comment

by:efz
ID: 35708006
Many thanks for your speedy response. Your suggestions seems like just what I need. If I understand correctly I insert the line

        <directoryBrowse enabled="true" />

in the web.config file located in the sites root folder. What I don't understand is how this command is applied to one folder in particular. Visitors should be able to browse most of the site, no? I only wish to preclude them from a particular folder. The "directoryBrowse" directive seems to apply to the entire site doesn't it?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:efz
ID: 35708279
There's a typo in my earlier comment. The directoryBrowse enabled value is supposed to be "false".

When I inserted that line into the web.config file, I was unable to browse any page of the web site without getting an error.

What's the secret?
0
 
LVL 3

Expert Comment

by:gfdos
ID: 35708392
with linux you can change it at any level -- since it is handled by .htaccess file at each folder.

The default for windows is off at all levels, so its kind of strange it was on for you....
Normally you dont want people to be able to browse your web directories at all.

Note: " The enabled attribute determines whether directory browsing is enabled for the site, application, or directory."
(from http://www.iis.net/ConfigReference/system.webServer/directoryBrowse)
Yet it doesn't have any instruction on how to re-enable it for a specific application or directory.

The default accepted way is to disable is altogether.
Is there a application or directory you DO want browsing re-enabled for?
0
 
LVL 3

Expert Comment

by:gfdos
ID: 35708418
The below shows how to enable it for an individual directory

<configuration>
  <location path="special_directory_name_here">
   <system.webServer>
    <directoryBrowse enabled="true" />
   </system.webServer>
  </location>
</configuration>

more info here:
http://blogs.iis.net/bills/archive/2008/03/24/how-to-enable-directory-browsing-with-iis7-web-config.aspx

0
 

Author Comment

by:efz
ID: 35708494
I'm on a Windows server by the way.

I should clarify my problem. We store executable files at our site:

http://www.mysite.com/afolder/myfile.exe

I was not being precise when I used the term "browsing". What you say is true, users by default cannot browse the "afolder", however they can download the myfile.exe file by typing the following line in their browser:

http://www.mysite.com/afolder/myfile.exe

My problem is that I need to be able to allow our programs begin used in the field to access these files (as they currently have been doing), but not allow users to download them directly by simply typing the path to the executable. Is that possible?
0
 
LVL 3

Accepted Solution

by:
gfdos earned 2000 total points
ID: 35708564
I don't think that is possible -- If someone knows the name of the file they can download it.....

How would your programs being accessed in the field be able to run these files, if they couldn't download them before running them?
0
 
LVL 3

Expert Comment

by:gfdos
ID: 35708579
Depending on what you are using them for, you could make the names of the .exe files less obvious, so someone couldn't GUESS the name of the file.... but if they know the file is called "lmnop.exe" they would be able to get it.....

Still "lmnop.exe" is less obvious than "myapp.exe"
0
 

Author Closing Comment

by:efz
ID: 35709026
So be it. Please accept my sincere thanks for your help.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month16 days, 11 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question