I know that by defualt IIS won't server App_Data or bin folders content to the public.
How to set one more folder to don't server to public?
Go to Internet Information Services(IIS) and look for the Directory Browser option. Select it and on the right corner you see an option Open Feature . Click on it and it will take you to another tab. Now select Disable and you see that the browsing has been disabled.
The proper way to do that is using this:
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="My_Directory" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
This allows you to still access files located there from the IUSR
account, but prevents actual requests for files there from being filled directly.
Note that this will block files in that directory, and any subdirectories, no matter where that directory occurs - even if it, itself, is a sub-directory of something else.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With