Deny viewing of folder contents

[MichealC4]

Per the subject, I don't want users to do any sort of url hacking and guessing filenames in a directory. With Apache, this is easy to do with a .htaccess file, but IIS lacks similar functionality, from what I can see. Is there something I'm missing? A config change I need to make? I know how to turn off the directory listing, that's not what I'm talking about here. Suggestions?

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt

 

[ChrisHirst]

turn off directory browsing in the MMC.
put a default.asp file in the folder.
have a custom 404 page that doesn't say it's a 404

other than that, What are you asking?

You can't stop people guessing









Chris.

Indifference will be the downfall of mankind, but who cares?
Woo Hoo! the cobblers kids get new shoes.
People Counting Systems

So long, and thanks for all the fish.

 

[MichealC4]

In Apache, sure you can.

<Limit GET POST>
Order Allow,Deny
Deny from All
</Limit>

And people won't be able to obtain the files from that given directory.

So does IIS have similar capabilities?

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt

 

[pankajmhatre78]

GET your IIS hardened,you use free tools like URLSCAN or IISlockdown tool for securing your IIS.

 

[MichealC4]

Okay, in other words IIS isn't able to accomplish what I'm looking for. Thanks.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt