webfolder mime type restrictions
| peterw 2005-08-05, 5:53 pm |
| Hello,
Is it possible to restrict what type of files users can upload to webfolders
in w2k3 / IIS 6.0 (for example no executables)?
Thanks,
Peter
| |
| Christian Paparelli 2005-08-05, 5:53 pm |
| "peterw" <peterw@discussions.microsoft.com> wrote in message
news:CAAB5488-612D-4517-ADF5-12F593B19F5E@microsoft.com...
> Hello,
Hi
> Is it possible to restrict what type of files users can upload to
> webfolders
> in w2k3 / IIS 6.0 (for example no executables)?
What kind of service do you use for upload?
--
Christian Paparelli
http://www.ithost.ch
| |
| peterw 2005-08-05, 5:53 pm |
| No particular service to my knowledge, just by dragging a file from the
windows explorer to the webfolder.
"Christian Paparelli" wrote:
> "peterw" <peterw@discussions.microsoft.com> wrote in message
> news:CAAB5488-612D-4517-ADF5-12F593B19F5E@microsoft.com...
>
> Hi
>
>
> What kind of service do you use for upload?
>
>
> --
> Christian Paparelli
> http://www.ithost.ch
>
>
>
| |
| Christian Paparelli 2005-08-05, 5:53 pm |
| "peterw" <peterw@discussions.microsoft.com> wrote in message
news:27451C2A-9AC5-455E-87DB-1D31A4B6D06F@microsoft.com...
> No particular service to my knowledge, just by dragging a file from the
> windows explorer to the webfolder.
No, sorry, IIS doesn't permit file type restrictions.
--
Christian Paparelli
http://www.ithost.ch
| |
| Jeff Fink 2005-08-05, 5:53 pm |
|
"peterw" <peterw@discussions.microsoft.com> wrote in message
news:CAAB5488-612D-4517-ADF5-12F593B19F5E@microsoft.com...
> Is it possible to restrict what type of files users can upload to webfolders
> in w2k3 / IIS 6.0 (for example no executables)?
In general, putting a filter on the upload mechanism will not solve your
problem. The user can just find something that is permitted (ASP for
example) and install their own upload mechanism that bypasses your
protections.
If you're really trying to prevent executables from being run via the web
site, you can turn off executable permission for all users using NT
permissions. I don't have 2003, but in 2000 if you go to the folder's
security and click Advanced, you can turn off the "Traverse Folder / Execute
File" permission to stop executables from being run.
If you're looking for a solution where you can filter out specific file
types, you could write an ISAPI filter, catch the SF_NOTIFY_URL_MAP
notification, and determine if the file being requested is illegal via your
policy. If so, you can change the result to point at a file indicating so
or return an error.
-Jeff
| |
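The ISAPI filter approach described in Jeff Fink's post above, as an added example that is not part of the original thread and not code from any poster: a policy check on the physical path delivered with SF_NOTIFY_URL_MAP, plus the filter entry points. The helper name `is_blocked_path` and the `BLOCKED` list are assumptions; the handling of trailing dots/spaces and NTFS stream suffixes goes beyond what the post states, and the ISAPI glue compiles only on Windows.

```c
/* Added example: extension policy for an ISAPI filter (hypothetical helper names). */
#include <ctype.h>
#include <string.h>
/* Constructed sample policy, lowercase, no leading dot. */
static const char *BLOCKED[] = { "exe", "com", "bat", "cmd", "dll", "scr" };

/* Returns 1 if the mapped physical path names a blocked file type, else 0. */
int is_blocked_path(const char *path)
{
    const char *base = path, *p;
    size_t len, i, j, k, n;
    for (p = path; *p; p++)                  /* find the last path component */
        if (*p == '\\' || *p == '/') base = p + 1;
    p = strchr(base, ':');                   /* cut an NTFS stream suffix (::$DATA) */
    len = p ? (size_t)(p - base) : strlen(base);
    while (len && (base[len - 1] == '.' || base[len - 1] == ' '))
        len--;                               /* Win32 ignores trailing dots and spaces */
    for (i = len; i > 0 && base[i - 1] != '.'; i--)
        ;                                    /* i ends just past the last dot */
    if (i == 0) return 0;                    /* no extension at all */
    n = len - i;
    for (k = 0; k < sizeof BLOCKED / sizeof *BLOCKED; k++) {
        if (strlen(BLOCKED[k]) != n) continue;
        for (j = 0; j < n && tolower((unsigned char)base[i + j]) == BLOCKED[k][j]; j++)
            ;                                /* case-insensitive compare */
        if (j == n) return 1;
    }
    return 0;
}

#ifdef _WIN32   /* ISAPI glue: built only on Windows, into the filter DLL */
#include <windows.h>
#include <httpfilt.h>
BOOL WINAPI GetFilterVersion(PHTTP_FILTER_VERSION pVer)
{
    pVer->dwFilterVersion = HTTP_FILTER_REVISION;
    pVer->dwFlags = SF_NOTIFY_URL_MAP | SF_NOTIFY_ORDER_HIGH;
    return TRUE;
}
DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD type, LPVOID pv)
{
    if (type == SF_NOTIFY_URL_MAP &&
        is_blocked_path(((PHTTP_FILTER_URL_MAP)pv)->pszPhysicalPath)) {
        SetLastError(ERROR_ACCESS_DENIED);   /* the "return an error" option */
        return SF_STATUS_REQ_ERROR;
    }
    return SF_STATUS_REQ_NEXT_NOTIFICATION;  /* allowed: continue normally */
}
#endif
```

The filter DLL has to export both `GetFilterVersion` and `HttpFilterProc` for IIS to load it.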
| peterw 2005-08-08, 8:29 am |
| Thanks Jeff & Christian!
"Jeff Fink" wrote:
>
> "peterw" <peterw@discussions.microsoft.com> wrote in message
> news:CAAB5488-612D-4517-ADF5-12F593B19F5E@microsoft.com...
>
> In general, putting a filter on the upload mechanism will not solve your
> problem. The user can just find something that is permitted (ASP for
> example) and install their own upload mechanism that bypasses your
> protections.
>
> If you're really trying to prevent executables from being run via the web
> site, you can turn off executable permission for all users using NT
> permissions. I don't have 2003, but in 2000 if you go to the folder's
> security and click Advanced, you can turn off the "Traverse Folder / Execute
> File" permission to stop executables from being run.
>
> If you're looking for a solution where you can filter out specific file
> types, you could write an ISAPI filter, catch the SF_NOTIFY_URL_MAP
> notification, and determine if the file being requested is illegal via your
> policy. If so, you can change the result to point at a file indicating so
> or return an error.
>
> -Jeff
>
>
>
>