Hi,
I need to escluxe some extension from IIS. For example when a client call
for a .vbs file i don't want IIS to answer with the file but with a forbidden
message.
Is it possible?
--
Admin of Wellage Community
http://www.wellage.net
What version of IIS are you using?
If you are using IIS 6.0, then just remove the MIME type mapping for .vbs
files. IIS 6.0 does not serve requests for files with an unknown MIME type.
If you are using IIS 5.0, you will have to install URLScan to get this
functionality. Just put in a deny entry for files with the .vbs file
extension.
Cheers
Ken
"Baba"
news:B0A66FC5-AC0B-4A57-AF11-DDEC59ACAC2F@microsoft.com...
> Hi,
> I need to escluxe some extension from IIS. For example when a client call
> for a .vbs file i don't want IIS to answer with the file but with a
> forbidden
> message.
> Is it possible?
> --
> Admin of Wellage Community
> http://www.wellage.net
On Jul 9, 5:22 pm, "Ken Schaefer"
wrote:
> What version of IIS are you using?
>
> If you are using IIS 6.0, then just remove the MIME type mapping for .vbs
> files. IIS 6.0 does not serve requests for files with an unknown MIME type.
>
> If you are using IIS 5.0, you will have to install URLScan to get this
> functionality. Just put in a deny entry for files with the .vbs file
> extension.
>
> Cheers
> Ken
>
> "Baba"
>
> news:B0A66FC5-AC0B-4A57-AF11-DDEC59ACAC2F@microsoft.com...
>
>
>
> > Hi,
> > I need to escluxe some extension from IIS. For example when a client call
> > for a .vbs file i don't want IIS to answer with the file but with a
> > forbidden
> > message.
> > Is it possible?
> > --
> > Admin of Wellage Community
> >http://www.wellage.net- Hide quoted text -
>
> - Show quoted text -
If you control the contents of the HTTP namespace, then you should
simple move the .vbs outside of the HTTP namespace to prevent the
download. If you don't want people to access a resource, then don't
put it into a directory that allows access via HTTP.
IIS has security features to allow this restriction of access -- for
example, remove the "Read" permission in IIS for a specific URL, or
use URLScan/absence of MIME Type to deny entire extensions), but the
simplest choice is to not make it available in the first place.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//