NYCPHP Meetup

[Freedman, Tom S.]

I found a (possibly "the"?) solution here:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=7xxGhc1uDHA
.736%40cpmsftngxa07.phx.gbl

Refers to the url http://support.microsoft.com/?id=326444

It's a tool called URLScan, which is part of the IIS Lockdown Tool.  The
newsgroup article is a description by a Microsoft employee of how to
configure URLScan to exclude based on file extension.

-----Original Message-----
From: Emmanuel Décarie [mailto:emm at scriptdigital.com] 
Sent: Tuesday, January 13, 2004 1:40 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Re: IIS 5 and .inc files

Hello Keith, thanks for the reply.

If I understand you, your suggestion doesn't help to resolve my problem
because
the access control is based on a repertory when I want this access control
based
on the suffix of the file.

Your solution will not work if I have a repertory with this content:
http://localhost/testing/index.php
http://localhost/testing/index.inc

With Apache, it's easy to tell the server not to serve files that ends with
".inc". I'm trying to figure out if this is possible with IIS 5.

Cheers
-Emmanuel


>Keith J Richardson Keith.Richardson at thompsonhealth.com 
>Tue Jan 13 13:23:06 EST 2004 

>1) Need PHP to include a file from a directory. in my example, it is
http://localhost/testing/index.php
>2) The include directory needs to have scripts able to read it, but must
deny
browsing to those pages. - http://localhost/testing/include/lib.inc
>
>What I did:
>
>1) Go into IIS management, and select the directory that you want to change
the
persmissions on, and in my example, it is /testing/include/
>2) Right click on the folder, and select properties.
>3) Uncheck read access. There should be nothing in the checkboxes.
>4) Test!
>
>You disabled read access from IIS to access those files, so when you type
in
http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 -
Forbidden: Read Access Forbidden error. The reason why PHP can read the
files,
is that the system has NTFS permissions to read the file. When php opens a
file
to read, unless it opens it via a http:// command, it will read it locally,
which IIS has no control over.
--
Emmanuel Décarie / Programmation pour le Web - Programming for the Web
<http://scriptdigital.com/> - Blog: <http://blog.scriptdigital.com> - AIM:
scriptdigital
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


Please do not transmit orders or instructions regarding a UBS account by
email. The information provided in this email or any attachments is not an
official transaction confirmation or account statement. For your protection,
do not include account numbers, Social Security numbers, credit card
numbers, passwords or other non-public information in your email. Because
the information contained in this message may be privileged, confidential,
proprietary or otherwise protected from disclosure, please notify us
immediately by replying to this message and deleting it from your computer
if you have received this communication in error.  Thank you.

UBS Financial Services Inc.
UBS International Inc.