I'm just getting started with Azure and I've run into a problem. I have deployed a website up to Azure that is just HTML, javascript and css files. If a user enters the url address and appends a directory and specific name of a file they are able to see the contents. For example they type in http://mysite.azurewebsites.net/js/utility.js. Upon pressing enter they are able to see all the source code for that file. How can I prevent them from doing that?
Asked
Active
Viewed 109 times
0
-
How did you deploy your website (web apps? vm? web roles? something else? What web host: apache? IIS?)? How did you configure your site (e.g. did you enable the ability to list items in `/js/`)? Please edit with more info. Right now this is really broad. – David Makogon Jan 08 '17 at 05:40
-
2And what is your expectation? If users can't get the code they are not able to run it. What does it have to do with Azure? – techraf Jan 08 '17 at 06:31
1 Answers
6
You just can't prevent users from doing that. This is not an Azure/IIS issue.
Javascript files are for client-side programming, if that js file is used inside your website, it is of public access for the client to download and run. Here are more details on some strategies to make it harder to read js files.
If you are using Azure App Service, then probably it is an IIS server behind it. By default IIS won't allow directory browsing.
Let's say the user enters the following path in his browser http://mysite.azurewebsites.net/js , IIS will not reveal the files contained there.
But if you access the url http://mysite.azurewebsites.net/js/utility.js, this will be allowed by IIS by default, otherwise your website will not work on the client browser.
-
And this is why you cannot rely on client-side validation also. Anything that goes out of your server is under the client's control. – juunas Jan 08 '17 at 15:08
-
Thanks Feranto for the explanation. I had a feeling that was the issue. – George M Jan 08 '17 at 15:46