Skip to main content


Showing posts from October, 2014

IIS - Preventing URL Access to a Specific Directory

Yesterday I was asked to made a web page which provided the ability to download files, which weren't served directly (by passing the file URL to the client) but were sent by reading the file on the server and sending the output.  However, I realised that the files could still be accessed by an unauthenticated user by typing in the file's direct URL.  Most solutions to this that I found required remote access to the server (which I don't have) or adding URL rewrite rules (the URL rewrite module wasn't installed). So I needed a solution I could implement in a web.config, and I came across the following:

<configuration> <system.webServer> <security> <requestFiltering> <hiddenSegments> <add segment="dir_to_protect" /> </hiddenSegments> </requestFiltering> </security> </system.webServer> </configuration&…