Re: not serving certain extensions
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/12/04
- Next message: Bitoy: "Known MTX.EXE leak?"
- Previous message: Steven Burn: "Re: html editor: in internet explorer"
- In reply to: Jeff Thies: "not serving certain extensions"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 11 Jun 2004 20:29:49 -0700
If you do not want files to be served over the web, make sure that the
configuration files are not in the URL namespace, and IIS won't let it
download. However, scripts in the URL namespace now must intentionally reach
outside the namespace to access the configuration files. Depending on your
isolation constraints, this may/not be acceptable tradeoff.
You can also map a non-existent Scriptmap engine DLL to .cfg such that IIS
fail to serve the contents of the file when requested, and you can put the
.cfg files in the URL namespace such that other scripts in the URL namespace
can access them without violating isolation constraints.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Jeff Thies" <nospam@nospam.net> wrote in message news:%2327ozq8TEHA.704@TK2MSFTNGP09.phx.gbl... I have some configuration files with a specific extension (.cfg). I want scripts to be able to read these but not have this served publicly over the web. Is it possible to lock out certain extensions. I'd like to keep these in a folder above the web document root, if possible. Jeff
- Next message: Bitoy: "Known MTX.EXE leak?"
- Previous message: Steven Burn: "Re: html editor: in internet explorer"
- In reply to: Jeff Thies: "not serving certain extensions"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
