Disable Directory Listing in Asp.Net

Just like index.html file in any HTML, JSP, Php applications , the similar file in Asp.net is Default.aspx.  This file opens first once your asp .net application is started. 

Here is my Directory Structure.


So Once I will run my Asp.net application, Default.aspx file from the root directory will be opened like this.



Now, Suppose If I write any directory name in browser, And If there is any Default.aspx file in that directory then that file will be shown in browser like this.



Now I have deleted Default.aspx file from Contact Us directory and lets see what happens if there is no Default.aspx file in that directory.



It will show the entire directory structure to end user and that is not a good programming habit. You never ever have to show the structure of directories to end users. This is like inviting hackers to hack in to your website. Never Ever do this.

Solution

(1) If your project is hosted on local server then you have to make changes in local server configurations.
  • Go to Run Type “inetmgr” and click on enter.
  • Open IIS Manager and navigate to the level you want to manage.In Features View, double-click Directory Browsing.
  • In the Actions pane, click Enable if the Directory Browsing feature is disabled and you want to enable it. Or, click Disable if the Directory Browsing feature is enabled and you want to disable it.
(2) If your project is hosted on remote server then you have to make changes in remote server configurations.

Suppose If you want to Disable access to your database, excel files or to other resources then you can include the below lines.

Now Suppose If I will try to access test.csv file from application then this kind of message will be popped up.


No comments:

Post a Comment