Shahar Gvirtz's Weblog

How To: Prevent running ASP / ASP.NET code in specific folder

Sometimes, you may want to prevent running ASP or ASP.NET code in specific folder, for security reasons for example.
In this case, you have to follow these instructions (Windows Server 2003, IIS6):

  1. run inetmgr, the IIS management consoleimage
  2. Right-Click on the folder you want to disable ASP/ASP.NET inside
  3. Open the properties window.
  4. image In the "Directory" tab, in the "Execute Premissions list, choose "None". Now, It's impossible to execute ASP files or CGI scripts in this folder.
  5. Make an application for this folder, by clicking "Create" button.
  6. Click on the "Configuration" button.





  7. image In the "Wildcard application maps" section, choose the aspnet_isapi.dll item, and click Removee.

That's it!
Now, it's impossible to execute ASP or ASP.NET code on this folder.

Shahar.

Posted: Mar 16 2008, 02:54 PM by shahargs | with 5 comment(s)
Filed under:

Comments

Mark said:

it's a good idea to do this to folders where users can upload content.

# March 16, 2008 4:50 PM

shahargs said:

Yes, I did it for a folder where users upload content to.

# March 17, 2008 2:50 AM

DotNetKicks.com said:

You've been kicked (a good thing) - Trackback from DotNetKicks.com

# March 17, 2008 10:50 AM

Work for stay at home moms. said:

Wahm com the online magazine for work at home moms. Work at home moms message boards.

# November 3, 2008 6:28 PM

DotNetShoutout said:

Your Story is Submitted - Trackback from DotNetShoutout

# November 19, 2008 10:06 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)