I'm running IIS 6.0 and would very much like to prevent direct downloading of
content located in some of my sites sub-directories.
Can this be done using IIS 6 and if so, what is the best practice to follow?
Any help would be greatly appreciated.
Regards,
G
It can be done.
It will take a third party ISAPI filter (usually as a purchase) to do it
though.
Search for "http-referrer blocker" in your favorite search engine to find
options. The one I was looking at that best suited what I wanted was about
$150. Be careful some charge per web site.
You can probably write your own if you were into that...
"Garrett"
news:C1559062-0421-4881-80E9-DDDF288C7AF0@microsoft.com...
> I'm running IIS 6.0 and would very much like to prevent direct downloading
> of
> content located in some of my sites sub-directories.
>
> Can this be done using IIS 6 and if so, what is the best practice to
> follow?
>
> Any help would be greatly appreciated.
>
> Regards,
>
> G
"Garrett"
news:C1559062-0421-4881-80E9-DDDF288C7AF0@microsoft.com...
> I'm running IIS 6.0 and would very much like to prevent direct downloading
of
> content located in some of my sites sub-directories.
>
What is your definition of direct downloading as opposed to indirect
downloading?
If you never generate a URL pointing to these sub-directories then turn off
anonymous access.
--
Anthony Jones - MVP ASP/ASP.NET
".._.." <.._..@yourmom.mil> wrote in message
news:wC3Si.39230$G23.10890@newsreading01.news.tds.net...
> It can be done.
>
> It will take a third party ISAPI filter (usually as a purchase) to do it
> though.
>
> Search for "http-referrer blocker" in your favorite search engine to find
> options. The one I was looking at that best suited what I wanted was
about
> $150. Be careful some charge per web site.
>
> You can probably write your own if you were into that...
>
Do these blockers have a means to prevent the client from spoofing the
http-referer?
--
Anthony Jones - MVP ASP/ASP.NET
Some work by cookies. Those do.
Considering the http-referrer is generated by the client, there is no
defense against spoofing it.
They will stop 99% of the people from linking to images from their blogs and
whatnot. Someone who gets a link, spoofs the http-referrer is going to a
lot of trouble, they could more easily download and rehost the file.
So that concern is pretty much pointless.
But, if you are using that method for protecting files that are that
precious, you are using the wrong tool for the job.
"Anthony Jones"
news:eDvT8uwEIHA.5208@TK2MSFTNGP04.phx.gbl...
> ".._.." <.._..@yourmom.mil> wrote in message
> news:wC3Si.39230$G23.10890@newsreading01.news.tds.net...
>> It can be done.
>>
>> It will take a third party ISAPI filter (usually as a purchase) to do it
>> though.
>>
>> Search for "http-referrer blocker" in your favorite search engine to find
>> options. The one I was looking at that best suited what I wanted was
> about
>> $150. Be careful some charge per web site.
>>
>> You can probably write your own if you were into that...
>>
>
> Do these blockers have a means to prevent the client from spoofing the
> http-referer?
>
> --
> Anthony Jones - MVP ASP/ASP.NET
>
>