I'm looking to protect certain subfolder (includes) and files within from direct access from users but I need to retain full permissions & access to the website/system. I'm using IIS on Server 2012 R2. Is this possible ? Thanks in advance.

example :


2 Answers

emololftw On

Folder, for example /Database/ folder, so input .htaccess file with DENY FROM ALL and php include in index.php

Seferan On

This is what Hidden Segments is for (https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/hiddensegments/index). The default configuration for IIS protects against folders like "bin".