Install Config Wiki

All about installing, configuring and troubleshooting

User Tools

Site Tools

Trace:
wiki:deny_web_access_to_a_folder_by_adding_a_request_filter_to_iis_web.config

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
Last revisionBoth sides next revision
wiki:deny_web_access_to_a_folder_by_adding_a_request_filter_to_iis_web.config [2017/11/15 21:13] – created wikiadminwiki:deny_web_access_to_a_folder_by_adding_a_request_filter_to_iis_web.config [2017/11/15 21:18] – [Stop IIS from serving direct access to certain folders] wikiadmin
Line 6: Line 6:
 Open Internet Information Services Manager and select the website that you are interesting in denying web access to certain folders within that site.  You can either add a properly configured web.config file to the website root, or add a web.config file within the particular sub-directory of the root, to block access to those directories / folders from web browsers.   Open Internet Information Services Manager and select the website that you are interesting in denying web access to certain folders within that site.  You can either add a properly configured web.config file to the website root, or add a web.config file within the particular sub-directory of the root, to block access to those directories / folders from web browsers.  
  
-Or you can use Request Filtering to Add a "Deny" list for each folder you want to restrict access, such as /data/, /_cgi-bin/, /admin/, etc.  This deny sequence list will be configured in the web.config file, either in the root, or in the sub-folder itself.+Or you can use Request Filtering to Add a "Deny" list for each folder you want to restrict access, such as /data/, /_cgi-bin/, /admin/, etc.  This deny sequence list can be configured in the web.config file within the root, or you can deny access by creating a properly scripted web.config file within the 'denied' sub-folder itself.
  
-Directions: +=====Directions to Deny Direct Access to Certain folders using Request Filtering===== 
-  -In IIS Manager, select the website under 'Sites" +  -In IIS Manager, select the website under 'Sites" 
-  -Click  the 'Request Filtering' icon in the middle pane +  -Click  the '**Request Filtering**' icon in the middle pane 
-  -Select the '-url' Tab in the middle pane +  -Select the '**-url**' Tab in the middle pane 
-  -Click 'Deny Sequence' in the 'Actions' pane to the right side of the interface +  -Click '**Deny Sequence**' in the 'Actions' pane to the right side of the interface 
-  -Now, Add the path of the first sub-folder between forward slashes, such as /data/ +  -Now, Add the path of the first sub-folder between forward slashes, such as **/data/** 
-  -Click the OK button to add that sub-folder to the Deny list in the 'url' Tab pane +  -Click the OK button to add that sub-folder to the Deny Sequence list in the 'url' Tab pane 
-  -Repeat 'Deny Sequence' to create a list+  -Repeat 'Deny Sequence' to create a list of all folders for which direct web browser access should be denied
   -Switch from Features view by clicking the 'Content View' view at the bootm of the middle pane   -Switch from Features view by clicking the 'Content View' view at the bootm of the middle pane
   -Click Ok to Save the these additions to the web.config file   -Click Ok to Save the these additions to the web.config file
-  -Test your web interface by trying to directly access any folder in your url deny list +  -Test your web interface by trying to directly access any 'denied' folder in your url deny sequence list 
  
  
wiki/deny_web_access_to_a_folder_by_adding_a_request_filter_to_iis_web.config.txt · Last modified: 2017/11/15 21:19 by 127.0.0.1