Block web access to a single subfolder using IIS?

1.2k Views Asked by Magnus At 27 January 2020 at 08:22

I want to block access from the web to the logs subfolder on a website. The following web.config seems to work...

<configuration>
   <system.webServer>
       <security>
          <requestFiltering>
               <hiddenSegments>
                   <add segment="logs" />
               </hiddenSegments>
           </requestFiltering>
       </security>
   </system.webServer>
</configuration>

...but it will also block access to any logs folder in all subfolders (foo/logs, foo/bar/logs, etc.).

How can I block only the logs folder that is in the same folder as the web.config file?

I know I can put a web.config file directly in the logs directory, but that is not an option here because it will most likely get wiped by accident when someone wipes the log files.

Original Q&A

There are 1 best solutions below

Jalpa Panchal On 28 January 2020 at 07:16

You could iis url rewrite rule to block the request for a particular folder.

below is the rule:

  <rule name="RequestBlockingRule16" stopProcessing="true">
                <match url=".*" />
                <conditions>
                    <add input="{URL}" pattern="^/s2/(.*)" />
                </conditions>
                <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
            </rule>

folder structure:

s1 is the site root folder.

Block web access to a single subfolder using IIS?

There are 1 best solutions below

Related Questions in IIS

Related Questions in IIS-7

Related Questions in WEB-CONFIG

Related Questions in IIS-8

Related Questions in REQUESTFILTERING

Trending Questions

Popular # Hahtags

Popular Questions