0

I have a website made in php and hosted from scratch using IIS. Below is the directory structure.

--> WebSite
    |-> Folder1
    |-> Folder2
    |-> Folder3
    |-> index.php

When a user types in the browser http://website/folder1/* he can access all the content inside the Folder1 folder. I want to deny access to that folder for example.

So far I have tried two solutions. The first solution was to restructure the directory as follows, but it didn't work for me.

--> WebSite
    |-> Deny
        |-> Folder1
    |-> Allow
        |-> Folder2
        |-> Folder3
        |-> index.php

The second was adding a filtering rule in the request filtering / url section, but as soon as the web.config file is created, it gives me the following error when I try to browse the site.

HTTP Error 500.19 - Internal Server Error
Error Code     0x80070005
Config Error       Cannot read configuration file due to insufficient permissions
Config File    *\web.config

What should I do?

ldiaz997
  • 128
  • 8
  • 1) PHP 8 (and above) is not supported by Microsoft on IIS, https://news-web.php.net/php.internals/110907. 2) IIS was not designed to support non .NET web stacks with integrated authorization support, so you shouldn't waste too much time on that direction. Start from a Linux machine and things should be fine. – Lex Li Aug 08 '22 at 01:46
  • I am not sure if your filtering rule in Web.Config file has any issue. You could refer to the example mentioned in [this answer](https://stackoverflow.com/a/4038572/10309381). You could try to modify the Web.Config file to add the filtering rule. See whether it works. – Deepak-MSFT Aug 16 '22 at 08:15

0 Answers0