Prevent direct access to a file or folder

By proper setting of IIS (Internet Information Services) and without the use of complex soffisticati DLL or script code, we can protect a file or an entire folder from direct access, thereby avoiding one or more files are downloaded using simply typing the URL.

A typical example where it may be necessary to resort to such precautions is the case in which our site uses MS Access databases (files with. Mdb) and we want to prevent direct access (rather inconvenient fact).

Let's take an example. Create a folder on our localhost "test" and inside the file "document-riservato.txt" that fill with any text content. Now access that file through your browser to:

 



 http://localhost/documento-riservato.txt

 

The result of typing the URL will result in our case, the display of file contents.

To inhibit this possibility is necessary to act directly on IIS.

We access the admin panel: you click the right mouse button on My Computer and choose Manage voice. From the Computer Management window, you select the voice services and applications and then Internet Information Services.

Browse our local root folder and select our "test".
At this point it is possible (with a simple click on the specific item be reached through the right mouse button) to manage access rules to the entire folder or individual files within it.

In our example we will limit ourselves to a single file.
You click, then, right on the file "document-riservato.txt" and select the Properties item, then the Directory tab that usually appears by default.

Within this tab will appear sguenti options:

 Script Source Access







 Reading







 Writing







 Log visits

In order to prevent direct access is essential to uncheck the read, but my advice is to inhibit all permits!
Permits, Scripture always bring obvious risks to the security of a system while the Script Source Access option if activated would allow users to access the source code of your scripts (such as files. Asp or. Aspx) with obvious dangers to privacy and security of your site. Permission to Register Views, finally, seems redundant given the non-reachability of the file or folder.

Following the operation carried out a preview:

At this point we try to log in again through the browser at:

 



 http://localhost/documento-riservato.txt

 

The download file is protected from inhibition because it was allowed to read.
The other items we have cleared, as mentioned above, have a secondary importance regarding the purposes proposed in this article, however, is a good idea to set as indicated in order to avoid other problems.

If the operation does not succeed try again or go to possibly restart the server.