On your web server, you do not want users to be able to navigate up through folders.
So, here is a quick way to restrict access to a web server folder, using ASP.NET:
simply put this web.config in the folder, to deny *all* users access to that folder:
For more examples, there is a nice post on StackOverflow here, about how to (reasonably) securely specify credentials in your web.config: http://stackoverflow.com/questions/7598957/password-protect-folder-with-web-config
So, here is a quick way to restrict access to a web server folder, using ASP.NET:
simply put this web.config in the folder, to deny *all* users access to that folder:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<authorization>
<add accessType="Deny" users="?" />
</authorization>
</security>
</system.webServer>
</configuration>
For more examples, there is a nice post on StackOverflow here, about how to (reasonably) securely specify credentials in your web.config: http://stackoverflow.com/questions/7598957/password-protect-folder-with-web-config
Comments
Post a Comment