I have a directory "d: /resources/xxxxx/file-name.xxx" that stores the file types: .png, .xml, .pdf that the website accesses. The virtual directory is configured in IIS, “resources,” which points to this location on the hard drive to provide access to .png images through an HTTP request, but I refer to the .pdf and .xml files on their hard drive location. These files are part of the workflow process, so they should all remain in their current directory structure.
IIS should be allowed to serve .png images, but I do not want it to be allowed to serve .pdf or .xml files for security purposes.
I tried setting up an http handler that worked fine, but I can't make the path specific enough. If I set it to "/ resources / *", then I need to manually output the allowed file types, and that got a little worse. I cannot set the path to "* .pdf" because other directories should be allowed to have their .pdf files.
I'm just looking for a direct way to restrict access if someone tries to go to "www.mysite.com/resources/dir/mypdf.pdf" or "... / myxml.xml", but still allow pp to be used and that's it other possible file types.
Also, please let me know if I am going to do it differently.
source
share