How do you stop users directly accessing files on a website in IIS

Question

I want to stop users on the internet being able to enter this URL into a browser and access these files directly. How can I do this?

for example: mysite/uploadedfiles/file1.txt

is there any iis rule? Please help me.

Why is it in the web directory if you don't want used to access it???? — Jacob Evans, Dec 08 '17 at 11:53
it's old project, now we caonn't change that, all uploaded files they are putting into uploadedfiles folder inside a project. — Rakesh, Dec 08 '17 at 12:07

score 1 · Answer 1 · answered Dec 08 '17 at 15:57

If your txt files are not meant to be directly delivered to the users via HTTP and they are just accessed by your application logic, you should move them to a different location, not directly published by IIS. This could need some reengineering work. A temporary workaround could be setting up some kind of filtering based on HTTP-REFERRER.

Check this: https://blogs.msdn.microsoft.com/webdevelopertips/2008/12/15/tip-34-did-you-know-how-to-stop-hot-linking-from-your-site-using-url-rewrite-in-iis-7-0/

score 0 · Accepted Answer · answered Dec 07 '17 at 20:09

0

This question is ambiguous, but a simple way would be to:

Go to content view of the site, right click the file, click edit permissions, click on security tab and edit the permissions to remove IIS_IUSRS

answered Dec 07 '17 at 20:09

JStellato

136
1
5

How can the iis user upload the file without access – Jacob Evans Dec 08 '17 at 12:27

How do you stop users directly accessing files on a website in IIS

2 Answers2