<div>
I'd suggest the following:<br />
Encrypt the file names in the links.<br />
Make a simple active page which decrypts that string coming from the URL parameter and then returns the file content.
</div>


I'd suggest the following:
Encrypt the file names in the links.
Make a simple active page which decrypts that string coming from the URL parameter and then returns the file content.

ICT Manager

Jo Cox

<div>
You have to do this server side, note client side.<br />
<br />
URL rewriting not the correct approach for more that a few files
</div>


You have to do this server side, note client side.

URL rewriting not the correct approach for more that a few files

<div>
<div class="content wysiwyg-content">
We have a website (IIS) that shows PDF's as part of the interface. In the URL it displays the path and filename to the location of the file. With some ingenuity a web-user could guess other filenames and access files they shouldn't.<br />
<br />
I believe there is method that we can use to convert the path/filename part of the URL to a guid so as to obfuscate this info.<br />
<br />
I was led to believe that a reverse proxy was the tool for the job. We have setup our sophos firewalls as such but this feature isn't happening.<br />
<br />
If anyone could advise it would be much appreciated, my skills in this area are somewhat lacking so any pointers welcome.<br />
<br />
Regards <br />
Jo
</div>
</div>


We have a website (IIS) that shows PDF's as part of the interface. In the URL it displays the path and filename to the location of the file. With some ingenuity a web-user could guess other filenames and access files they shouldn't.

I believe there is method that we can use to convert the path/filename part of the URL to a guid so as to obfuscate this info.

I was led to believe that a reverse proxy was the tool for the job. We have setup our sophos firewalls as such but this feature isn't happening.

If anyone could advise it would be much appreciated, my skills in this area are somewhat lacking so any pointers welcome.

Regards 
Jo

URL Rewrite

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Microsoft IIS Web Server

Windows 10 is a personal computer operating system featuring the "universal application architecture" (UAP); apps can be designed to run across multiple devices with nearly identical code, including PCs, tablets, smartphones, embedded systems, Xbox One, Surface Hub and HoloLens. Windows 10 also includes a virtual desktop system, a window and desktop management feature called Task View, the Microsoft Edge web browser, support for fingerprint and face recognition login, voice-based search (Cortana), new security features for enterprise environments, and DirectX 12 and WDDM 2.0 to improve the operating system's graphics capabilities for games.

Windows 10

Microsoft Azure is a cloud computing platform and infrastructure for building, deploying and managing applications and services through datacenters. It provides both platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. Cloud Services is a PaaS environment and can be used to create scalable applications and services; there are specific software development kits (SDKs) provided by Microsoft for Python, Java, Node.js and .NET. Azure also has file and storage services, data management, analytics and DNS services.

Azure

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Sophos

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus on this release was hybrid-cloud scenarios, and has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions, and for servicing, has adopted windows 10's cumulative model. The new nano-server install is designed to be remotely managed and is designed to be kept current through continuous feature updates. The full GUI install operates similarly to windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.