
Disable direct URL access to the files in ASP.NET MVC 5 on IIS 10


I have gone through several forums (add files to App_Data, write a handler) looking for solutions, but so far without success. In PHP I use an .htaccess file in every main directory, which prohibits direct access to the address and the files, but I do not know how to set this up in an ASP.NET MVC 5 application written in C#.

In .htaccess I use this:

<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

Is there any option to allow only some directories to be crawled directly (such as Content for CSS or Scripts for JS), in the C# project or directly on IIS 10?

On my IIS I have disabled directory browsing, but, for example, when I enter the URL of my XML file (my XML DB) directly, https://web.test.com/Def/db.xml, I get the file with all its data.


Solution

  • My solution:

    I simply set my folder via IIS 10 -> Site -> NameOfWebSite -> RequestFiltering -> Hidden Segments -> Add hidden segment

    This action adds this block of code to Web.config:

    <system.webServer>        
        <security>
            <requestFiltering>
                <hiddenSegments>
                    <add segment="Def" />
                </hiddenSegments>
            </requestFiltering>
        </security>
    </system.webServer>
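
An offline check of what the block above covers, as an added example that is not part of the original answer: it reads the `<hiddenSegments>` list from a Web.config and reports which URLs fall under it. The function names and the sample URLs other than the one in the question are constructed; the matching rule (whole, percent-decoded path segments compared case-insensitively) is an assumption about request filtering, not something the answer states.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

# Constructed sample: the Web.config block from the answer above.
WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="Def" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>"""


def hidden_segments(config_xml):
    """Return the lower-cased segment names listed under <hiddenSegments>."""
    root = ET.fromstring(config_xml)
    path = "./system.webServer/security/requestFiltering/hiddenSegments/add"
    return {el.get("segment", "").lower() for el in root.findall(path)} - {""}


def is_hidden(url, segments):
    """True if any whole path segment of url is in segments.

    Assumption: comparison is on complete, percent-decoded segments and is
    case-insensitive, so "Def" covers /def/db.xml but not /Default.aspx.
    """
    parts = [unquote(p).lower() for p in urlsplit(url).path.split("/") if p]
    return any(p in segments for p in parts)


def audit(config_xml, urls):
    """Map each URL to 'blocked' or 'served' under the given Web.config."""
    segs = hidden_segments(config_xml)
    return {u: "blocked" if is_hidden(u, segs) else "served" for u in urls}


if __name__ == "__main__":
    # Constructed URLs: the data file from the question plus static content.
    for url, verdict in audit(WEB_CONFIG, [
        "https://web.test.com/Def/db.xml",
        "https://web.test.com/def/sub/other.xml",
        "https://web.test.com/Default.aspx",
        "https://web.test.com/Content/site.css",
    ]).items():
        print(f"{verdict:8} {url}")
```

On the live site, a request that hits a hidden segment is answered with HTTP 404.8, so the same URL list can be replayed against the server to confirm the prediction.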