D
david
Hi,
I have a asp.net site running on an MS Access database this is, for better
or worse, stored under the webroot.
How can I lockout the database directory to prevent anyone from downloading
it via HTTP?
I have attached my web.config file at the end of this message.
The problem is that the "database" directory is still viewable by anyone.
Not sure why. Do I have a typo?
Thanks,
David
---------------------------------------------
<configuration>
<system.web>
<customErrors mode="Off"/>
<!-- Authentication form -->
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="app-admin/Login.aspx" protection="All"
timeout="999999" path="/app-admin/" />
</authentication>
<!-- Allow anon users to main site -->
<authorization>
<allow users="?" />
</authorization>
</system.web>
<!-- Set up secure zone for app admin -->
<location path="app-admin">
<system.web>
<!-- disallow anon users-->
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<!-- Set up secure zone for database -->
<location path="database">
<system.web>
<!-- disallow all users-->
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
I have a asp.net site running on an MS Access database this is, for better
or worse, stored under the webroot.
How can I lockout the database directory to prevent anyone from downloading
it via HTTP?
I have attached my web.config file at the end of this message.
The problem is that the "database" directory is still viewable by anyone.
Not sure why. Do I have a typo?
Thanks,
David
---------------------------------------------
<configuration>
<system.web>
<customErrors mode="Off"/>
<!-- Authentication form -->
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="app-admin/Login.aspx" protection="All"
timeout="999999" path="/app-admin/" />
</authentication>
<!-- Allow anon users to main site -->
<authorization>
<allow users="?" />
</authorization>
</system.web>
<!-- Set up secure zone for app admin -->
<location path="app-admin">
<system.web>
<!-- disallow anon users-->
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<!-- Set up secure zone for database -->
<location path="database">
<system.web>
<!-- disallow all users-->
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>