Wednesday, May 2, 2012

Best Way to Protect Certain File Types in a Directory from Being Served

I have a directory, "d:/resources/xxxxx/file-name.xxx" that stores the file types: .png, .xml, .pdf, which are accessed by a website. A virtual directory is set up in IIS, "resources," which points to this hard drive location, to allow the .png images to be accessed through an http request, but I am referencing the .pdf and .xml files by their hard drive location. These files are part of a workflow process so they must all remain in their current directory structure.



IIS needs to be allowed to serve the .png images, but I do not want it to be allowed to serve the .pdf or .xml files, for security purposes.



I tried setting up an HTTP handler, which would have worked fine, but I can't make the path specific enough. If I set it to "/resources/*", then I need to manually output the allowed file types and that was getting a bit wonky. I can't set the path to "*.pdf" because other directories should be allowed to have their .pdf files accessed.



I'm just looking for a straightforward way to restrict access if someone tries to go to "www.mysite.com/resources/dir/mypdf.pdf," or ".../myxml.xml," but still allow .png and all other potential file types to be served.



Also, please let me know if I am going about this all the wrong way.
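
One way to express the restriction described above, as an added example that is not part of the original post: a `<location>` block in the site's root web.config that denies .pdf and .xml only under the "resources" virtual directory. It assumes IIS 7 or later with the Request Filtering module installed and the `requestFiltering` section not locked at the server level.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: site-root web.config. Assumes IIS 7+ with the
     Request Filtering module and an unlocked requestFiltering section. -->
<configuration>
  <!-- The rule is scoped by URL path to the "resources" virtual directory,
       so .pdf files under other directories of the site are still served.
       No file has to be moved or added under d:/resources. -->
  <location path="resources">
    <system.webServer>
      <security>
        <requestFiltering>
          <fileExtensions>
            <!-- Deny only these two extensions; .png and every other
                 file type keep the site's existing behaviour. -->
            <add fileExtension=".pdf" allowed="false" />
            <add fileExtension=".xml" allowed="false" />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>
```

Requests for a denied extension are rejected by IIS with HTTP 404.7 before any handler runs. Request filtering applies only to HTTP requests, so application code that opens the .pdf and .xml files by their disk path is unaffected.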




