[nycphp-talk] IIS 5 and .inc files
Keith J Richardson
Keith.Richardson at thompsonhealth.com
Tue Jan 13 13:55:01 EST 2004
I have a hard time finding it - I can see where you can have different files go to different drivers, say .php goes to php4isapi.dll - but I cant find where you can deny extentions. If someone puts up a word document, then they can download it, or any other wierd extension.
If it were me, If I wanted protected files, I would do what I explained, or deny read access on a file by file basis if you dont want a whole directory, or find some wierd hack for IIS (If there is any)
OR just install apache win32. :)
-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Chris Shiflett
Sent: Tuesday, January 13, 2004 1:46 PM
To: NYPHP Talk
Subject: RE: [nycphp-talk] IIS 5 and .inc files
While I don't know the answer, I feel like the only one who understands
the question. :-)
He just wants to know if IIS can be configured to deny requests for URLs
that end in .inc. A Windows guy told him that it can't do this, and he
finds that hard to believe.
I say if the client is using Windows, direct access to .inc files is the
least of their worries. :-)
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list