Block downloading files on IIS

Asked

Viewed 1,093 times

2

I’m trying to block the download of the songs on my app. I tried to block by putting a file web.config in the music folder with the settings below:

<?xml version="1.0"?>
<configuration>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
    </system.webServer>
</configuration>

But, it still accesses the folder and allows the download of the songs.

  • Can you describe your application? How it works, where are the music files, how this direct access can be done.

  • It is understood that downloading is more than opening the download manager, the download is even playing a file online in a player using the tag <audio>, you want when the person click on the music he open the player directly? Or you want to protect the access of the music against copies?

  • Hi guys, I wanted to block access against copies... I have the Jplayer player in an html that calls the songs that way <audio id="jp_audio_0" preload="metadata" src="player/musicas/minha_musica.mp3" title=""></audio>, i tried to use the security setting of web.config only that then neither the player plays the songs anymore.

  • 1

    First of all, thank you so much for helping me. I ended up finding this answer: (http://answall.com/questions/25820/comor- evitar-que-um-users-storageos-archives-mp3-evitando-assim-que-os-po) and the conclusion is that it is impossible to prevent the download of the songs, what I can do is give a difficult... Thanks.

1 answer

0

Taís, If your site provides the playback of songs (audio) and you want to block the download of them (by source code, for example), you will need a script (in your case, aspx I imagine) intercepting the request of ". mp3" to check the reference (or any other validations) releasing or not the continuation of the binary "dump" of the media file.

Ex.: seu-site-de-musica.com/player.aspx?musica=10

Where 10 is the music ID in the bank and player.aspx checks the request reference (e.g.: if it is not from the host your-website-music.com, then block the access).

Or else, to make the web.config block access to. mp3 files (or other extensions):

web config.:

<system.web>
    <httpHandlers>
        <add verb="*" path="*.mp3" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
</system.web>

More information: http://www.iis.net/configreference/system.webserver/security/requestfiltering

  • Felipe, I just created a page .html in the briefcase player/ and I used the Jplayer plug to play the songs that are in the folder player/music/, I have no database to use.

  • @Here, I get it. In this case you can use the web config. above and test your download? If it doesn’t work, try changing the path="*.mp3" for path="player/musicas/*.mp3".

  • He blocked the download and access to folder... only the player no longer plays... The player plays the songs this code <audio id="jp_audio_0" preload="metadata" src="player/musicas/minha_musica.mp3" title=""></audio>

  • @Such, try to restrict access to . mp3 files only to the account user (e.g. Taisuser): <location path="player/musicas/*.mp3">&#xA; <system.webServer>&#xA; <security>&#xA; <authorization>&#xA; <remove users="*" roles="" verbs="" />&#xA; <add accessType="Allow" roles="TaisUser" />&#xA; </authorization>&#xA; </security>&#xA; </system.webServer>&#xA; </location>

  • Don’t forget to remove the lines we created before the web.config. The idea here is to limit the access to the file to the OWNER of the file (in this case TaisUser), i.e., another user (e.g..: IUSR) cannot access, since they are not owners (IUSR). Please try to.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.