Blocking files via. web.config

[David]

I am installing apps on an asp.net 1.1 machine to which I have no
access to the IIS configuration. I need to lock out the viewing of
files types in a directory. As per info on the net, I added the
following in the web.config. However, when I directly address the
files via. www.testsite.com/test.logs, the system shows the file. Is
there other option I need to add to the config or is this an issue
with the way that IIS was installed on the machine?

Thanks


<httpHandlers>
<add verb="*" path="*.pdf"
type="System.Web.HttpForbiddenHandler"/>
<add verb="*" path="*.logs"
type="System.Web.HttpForbiddenHandler"/>
</httpHandlers>

 

[Bruce Barker]

you need to update the iis file mapping.

the web.config only effects files which are mapped to asp.net by iis. if
asp.net doesn't see the file, it can not respond.

-- bruce (sqlwork.com)

 

[Guest]

IIS is serving the files without consulting ASP.NET, which is why your
web.config settings have no effect. If you are unable to adjust the IIS
settings then you'll need to try a different approach, such as storing the
files in a private directory or database and serving the files through a
special page that acts as the gatekeeper.

Here's more info:
http://SteveOrr.net/articles/EasyUploads.aspx