IIS secure directory?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Griven
Forum Contributor
Posts: 165
Joined: Sat May 09, 2009 8:23 pm

IIS secure directory?

Post by Griven »

Hey all,

I'm running an intranet website with IIS6 and PHP 5.2 using Integrated Authentication.

My web application has a main page, through which all other pages are accessed. The URL is a familiar

Code: Select all

http://server/index.php?page=something"
All scripts, assets, and subpages are kept in a folder below index.php called _private.

Is there a way to configure IIS so that files in this directly will not be served to the user's browser directly, but only through the index.php file? I tried adjusting the permissions on the folder itself, but that just pops up a login prompt. Is there a good ISAPI filter that will do this?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: IIS secure directory?

Post by kaisellgren »

Are you saying that this private folder lies in site.com/private/... ? You should put it above the index.php and you could either access it relatively "../private/file" or absolutely "C:\inetpub\private\file" within your index.php.
Griven
Forum Contributor
Posts: 165
Joined: Sat May 09, 2009 8:23 pm

Re: IIS secure directory?

Post by Griven »

Gah! Can't believe I didn't think of that. Thank you very much, Kai.
Post Reply