[nycphp-talk] Re: IIS 5 and .inc files

Jeff Siegel jsiegel1 at optonline.net
Tue Jan 13 15:22:20 EST 2004


Hmmm...is there a pattern emerging based on these replies? ;)

"I say if the client is using Windows, direct access to .inc files is 
the least of their worries."

"OR just install apache win32."

"Other than that, my advice is to use a real webserver."

Jeff Siegel

Freedman, Tom S. wrote:

> I found a (possibly "the"?) solution here:
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=7xxGhc1uDHA.736%40cpmsftngxa07.phx.gbl
> 
> Refers to the url http://support.microsoft.com/?id=326444
> 
> It's a tool called URLScan, which is part of the IIS Lockdown Tool.  The
> newsgroup article is a description by a Microsoft employee of how to
> configure URLScan to exclude based on file extension.
> 
> -----Original Message-----
> From: Emmanuel Décarie [mailto:emm at scriptdigital.com] 
> Sent: Tuesday, January 13, 2004 1:40 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] Re: IIS 5 and .inc files
> 
> Hello Keith, thanks for the reply.
> 
> If I understand you, your suggestion doesn't help to resolve my problem because
> the access control is based on a repertory when I want this access control based
> on the suffix of the file.
> 
> Your solution will not work if I have a repertory with this content:
> http://localhost/testing/index.php
> http://localhost/testing/index.inc
> 
> With Apache, it's easy to tell the server not to serve files that end with
> ".inc". I'm trying to figure out if this is possible with IIS 5.
> 
> Cheers
> -Emmanuel
> 
> 
> 
>>Keith J Richardson Keith.Richardson at thompsonhealth.com
>>Tue Jan 13 13:23:06 EST 2004
>>
>>1) Need PHP to include a file from a directory. In my example, it is
>>http://localhost/testing/index.php
>>2) The include directory needs to have scripts able to read it, but must
>>deny browsing to those pages. - http://localhost/testing/include/lib.inc
>>
>>What I did:
>>
>>1) Go into IIS management, and select the directory that you want to change
>>the permissions on, and in my example, it is /testing/include/
>>2) Right click on the folder, and select properties.
>>3) Uncheck read access. There should be nothing in the checkboxes.
>>4) Test!
>>
>>You disabled read access from IIS to access those files, so when you type
>>in http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 -
>>Forbidden: Read Access Forbidden error. The reason why PHP can read the
>>files, is that the system has NTFS permissions to read the file. When php
>>opens a file to read, unless it opens it via a http:// command, it will read
>>it locally, which IIS has no control over.
> --
> Emmanuel Décarie / Programmation pour le Web - Programming for the Web
> <http://scriptdigital.com/> - Blog: <http://blog.scriptdigital.com> - AIM:
> scriptdigital
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 

-- 
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"




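The difference between the two approaches discussed in this thread (removing Read access on a directory versus denying requests by file extension), as an added example that is not part of the original posts: a Python model, run against a constructed copy of the /testing/ layout, that lists which files would still be returned as raw PHP source. The function names, parameters and sample file contents are assumptions made for illustration.

```python
import os
import tempfile

PHP_OPEN_TAGS = (b"<?php", b"<?=")

def exposed_sources(docroot, handled_exts=(".php",), no_read_dirs=(), denied_exts=()):
    """List URL paths under docroot that would be served as raw PHP source."""
    handled = {e.lower() for e in handled_exts}   # executed by PHP, never shown
    denied = {e.lower() for e in denied_exts}     # rejected by an extension filter
    blocked = [d.strip("/").lower() for d in no_read_dirs]  # web Read access removed
    found = []
    for dirpath, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        # Assumption: a directory's Read setting is inherited by its subdirectories.
        if any(rel_dir.lower() == b or rel_dir.lower().startswith(b + "/") for b in blocked):
            continue
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled or ext in denied:
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(65536)
            # Only flag files that actually contain PHP code.
            if any(tag in head for tag in PHP_OPEN_TAGS):
                found.append("/" + "/".join(p for p in (rel_dir, name) if p))
    return sorted(found)

def build_sample_tree():
    """Constructed sample: the /testing/ layout from the thread, in a temp directory."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "testing", "include"))
    samples = {
        "testing/index.php": b"<?php include 'index.inc'; ?>",
        "testing/index.inc": b"<?php $db_password = 'constructed'; ?>",
        "testing/include/lib.inc": b"<?php function helper() {} ?>",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    print(exposed_sources(root))                                    # nothing configured
    print(exposed_sources(root, no_read_dirs=["testing/include"]))  # directory-based
    print(exposed_sources(root, denied_exts=[".inc"]))              # extension-based
```

With only the directory setting, /testing/index.inc is still reported because it sits beside index.php; the extension rule covers both .inc files.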