I have a special web page for members.
I am publishing with IIS 10 on Windows server 2016.
Through the website, members upload their private documents to the site.
For example:
http://mywebpage.com/upload/xuser/a.jpg
http://mywebpage.com/upload/xuser/b.pdf
http://mywebpage.com/upload/yuser/c.pdf
http://mywebpage.com/upload/yuser/abc/d.pdf
I use these files in html tags with classic asp. For example;
<a href='http://mywebpage.com/upload/yuser/c.pdf'>yuser transcript</a>
<h1>Profile</h1><img src='http://mywebpage.com/upload/xuser/a.jpg'/>
But I want these files to be accessible only by *.asp files under "http://mywebpage.com".
The possibility that users can access it by typing the link directly into the address bar annoys me very much.
For this, I used the following ways. But I still don't feel safe.
Disallow all files in /upload/ directory with robots.txt.
Prevent browsing to /upload/ with web.config.
Using a complex directory name and complex filenames with the user id and not the yuser. /upload/ASDASD12djd829D2/DUJA811220.jpg
But these are still not the solution I want. Is it possible to say that no one can read these static files except just http://mywebpage.com/*.asp pages? What path should I follow?
Related
I want to publish a website through google domains.
The problem is that I am shifting my office to a new location so, I want to change the map on my website after one month.
Are there any possibilities to edit the website after publishing?
If it is a static website, sure you can update the information you like. Most web hosting services usually use GitHub as a platform for developers to host it. Meaning, you just need to make the necessary changes to your file, upload to Github. Then the hosting services will detect the change and update your site accordingly
I'm currently trying to upload a html+css page to my hosting service (1&1 internet).
Unfortunately, I have very little experience in that; and would like to ask this question:
How is it possible to update the existing homepage on a site that already has been uploaded to the web?
I'm using WebspaceExplorer. Now, when I enter it, (Hosting section) there are a lot of folders and files with a few options like download, delete and so on.
I can't seem to find out how to make the program understand which one should be the homepage. This is because I see that the page I uploaded is online and accessible, but is not the first page the user sees! How can I change it?
It may be confusing because of the poor description so here is the url of both:
velten-berlin.org (current Homepage)
velten-berlin.org/Upload (desired homepage)
I am developing a web application for my client using Code Igniter and i need to hide and secure some ZIP, JPG and PDF files on server so that they are not accessible by non users. Only people who are logged in and are the owners of Files can access the files. This is very similar to secure file sharing websites.
it is very similar to any paid file sharing site like only people who paid for files can download files. In my case only those who have uploaded and who shared the files with other can download files.
Please tell me how can i do this..
Thanks
Sajid
One method is to keep the files above the web root (so not publicly accessible) and have the link to them point to a function that will check if logged in (or other parameters you want) and if everything is OK, then serve the file(s).
I have a sitecore 7.0 solution with several sites.
Every time that I add a new site I need to create specific users (author, approver, etc..) and a specific Media Folder to the website.
Question:
Is there any way to make this automatically? I was thinking to play a bit with the pipelines but I'm not sure exactly how to start..
Thank you
I have made a custom command for this which:
asks for a site name (using Context.ClientPage.Start and Context.ClientPage.ClientResponse.Input)
creates a sites structure based on a template-branch
creates media library folders
I did not need users but you can add that as well. The only thing left to do manually is adding the configuration files.
There are many blog posts to find about adding custom commands, like:
http://www.sitecore.net/Learn/Blogs/Technical-Blogs/John-West-Sitecore-Blog/Posts/2013/04/Add-Debug-Command-to-Content-Editor-in-the-Sitecore-ASPNET-CMS.aspx
And also branches:
http://www.sitecore.net/Learn/Blogs/Technical-Blogs/Getting-to-Know-Sitecore/Posts/2012/10/Page-Editor-Secrets-1-Complex-Content-Creation.aspx
I want to prevent users access for my "~/Content/..." folder I wrote it as follow in "Global.asax.cs" and put this line of code at the top of every other routes
routes.IgnoreRoute("Content/{*pathInfo}");
but it does not work. in fact user can see every files in content folder by type the URL in browser.
am I missing something?
How did you figure out that it does not work? Give example.
You may have put it last in the Routing table. So try to move it up so that it gets added to the routing table first. The route collection is an ordered list of routes.
Also try this : Routes.IgnoreRoute("Content/");, but your version of ignore is also correct and it should work.
Lastly, I do not know what you mean when you say the user can see all the contents of the Content folder : Isn't that the point? User must be able to download files from the folder, and we usually just need MVC to ignore the requests from coming into the framework, and so that IIS can directly serve those files.
or did you mean Directory browsing is enabled, and you want to disable that : In that case go to IIS manager, and select your website and look for the Directory browsing option and disable it as shown here.
Your problem cannot be solved by routing constraints. There are 3 significant steps in processing request:
IIS got request.
IIS watch at filesystem and search for direct correspondence to file
If IIS didn't found any file - it gives request to ASP.NET MVC for processing.
So, you need to configure folder security to forbidden direct access to files, but allow access to application, as here.
But I don't recommend to secure folder, that should be shared. I don't believe that your site shouldn't have images to display :) If you have some secured content, you need to create another folder.