Jump to content

Restricting Access to Images and Other Files


MartinKearns
 Share

Recommended Posts

Thank you in advance for any help I might receive...My problem is:I have a website built using ASP, and it is hosted on a Windows 2003 server.The website features SSL through which users can log-in, then access written reports, and images / audio files / video files which support the written reports.When I upload via SSL each image / report / video clip etc, they each then sit on their own unique URL e.g. http://www.mywebsite.com/images/upload/1967124.jpg orhttp://www.mywebsite.com/clips/upload/219.wmv orhttp://www.mywebsite.com/report/upload/58628.docVia their own log-ins, clients can then access / view / download these files; that, in itself, is fine....BUT - there is a potential security loophole; it is possible (albeit unlikely, but that is not good enough!) if you know the unique URL on which any given file sits, to just type /paste it into a browser window NOT protected via the SSL log-in, and view accordingly.Ideally, I need some code which in those circumstances will redirect the browser to a Forbidden 403 error page.Does such a code exist for a website in ASP on a Windows 2003 server?Thank you again for any help you can give.

Link to comment
Share on other sites

IIS has settings which allow you to enforce use of https. In IIS Manager:- Right-click the the website, and choose Properties- On the Directory Security tab, under Secure Communications, click Edit- On the Secure Communications dialog, check both “Require secure channel (SSL)” and “Require 128-bit encryption”If anyone attempts to navigate to a page on the site without using https, a 403 error occurs.You mention logins also; remember that though SSL provides encryption of the data flow between client and server, it does not control which users can access which resources. For that you will need to look at authentication and authorisation mechanisms.

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...