Last Updated: February 25, 2016
·
8.133K
· pleone

IIS access deny to specific file extension

Create web.config file and write this code inside:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <fileExtensions applyToWebDAV="false">
                     <add fileExtension=".csv" allowed="false" />
                </fileExtensions>
            </requestFiltering>
        </security>
  </system.webServer>
</configuration>  

This will deny access to any csv file.
Put the web.config file in the web root if you want to block all csv, or in a subfolder if you want to block request just for that folder.

You can add more filter if you need to block more extension.

1 Response
Add your response

How to deny access to a single file? I've tried the code bellow but it didn'd work:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="index.asp" />
<add value="default.shtml" />
<add value="default.html" />
<add value="index.shtml" />
<add value="index.html" />
<add value="index.htm" />
<add value="Default.asp" />
<add value="Default.htm" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
<location path="\riofb02b.myserver.com\wwwparceiro\mydir\test.asp">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

over 1 year ago ·