1

I have a MVC website, without authentication. In the website directory I have a folder \ProjectNotes which contains a file inside, Notes.txt. Neither this folder nor the text file are a part of the solution, but still get copied up on publish.

My problem is that using a web browser anybody can access mysite.com/ProjectNotes/Notes.txt and I cannot prevent it. I have tried adding a specific route to take the user to the error page (no effect) and in the web config I've tried but that didn't work either.

How can I prevent access to the Notes.txt file using the MVC framework?

VictorySaber
  • 3,084
  • 1
  • 27
  • 45
  • This should work for you : routes.IgnoreRoute("{resource}.txt/{*pathInfo}"); – Varun Vasishtha Apr 05 '16 at 12:08
  • It does nothing. I also have the same line to ignore .axd files. – VictorySaber Apr 05 '16 at 12:17
  • have you tried it.. if it doesnt help then you can use robot.txt files and write paths which you dont want user to be accessible, you can more search about robot.txt file.. and if there is a line in the code then there is some effect of it so dont say it does nothing – Varun Vasishtha Apr 05 '16 at 12:22
  • Possible duplicate of [IIS, denying access to static files; What is wrong with this example?](http://stackoverflow.com/questions/26144814/iis-denying-access-to-static-files-what-is-wrong-with-this-example) – CodeCaster Apr 05 '16 at 12:31
  • @Varun robots.txt has this directory but I can still browse to it. I added your ignoreroute line to BundleConfig.cs before my routes and it did not do anything. But thank you for trying :) – VictorySaber Apr 05 '16 at 12:36

1 Answers1

7

You should use Web.Config file for your case. Add to your root Web.Config file into <system.webServer> section:

<security>
  <requestFiltering>
    <hiddenSegments>
      <add segment="ProjectNotes"/>
    </hiddenSegments>
  </requestFiltering>
</security>

Actually, your question has nothing with MVC, but with IIS restrictions (Or other web server restrictions but I assume you using IIS)

teo van kot
  • 12,350
  • 10
  • 38
  • 70