How to make a folder and its content inaccessible via HTTP

Question

I have a folder called "Template" in my project and want to make it inaccessible via HTTP. I added a web.config file. It makes the folder inaccessible but users can access any content in the folder.

They cannot access "Template" folder, but they can access "Template\index.html"

here is my web.config.

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="*"/> 
      </authorization>
    </system.web>
</configuration>

how can I make the contents inaccessible?

Possible duplicate of [how to deny user to access sub folders and file?](http://stackoverflow.com/questions/19036629/how-to-deny-user-to-access-sub-folders-and-file) — Felipe Deguchi, Oct 27 '16 at 18:05

score 2 · Accepted Answer · answered Oct 27 '16 at 19:42

This can be achieved by IIS Request filters. The same way the bin content is inaccessible for browsing.

Under the system.webserver section add the following. There I have enabled directory browsing just to check that even though the directory browsing is enabled users can't browse files in "Template" folder.

Set <directoryBrowse enabled="false" /> if directory browsing is not required.

<?xml version="1.0"?>
<configuration>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="Template" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webserver>
</configuration>

For more information refer this post.

How to make a folder and its content inaccessible via HTTP

1 Answers1