Date:  05/04/2019 08:38:22 AM Msg ID:  004981
From:  Art Bergquist Thread:  004980
Subject:  Re: Access to non-anonymous parts of website
I believe the answer is to "funnel" direct requests for .PDF files to Deny.Exe via one of the following in IIS:
  • Managed Handler
  • Script Map
  • Wildcard Script Map
  • Module Mapping
but, as of yet, have not come up with a solution that prevents direct access to a .PDF in the userid/password-protected part of our website.
Sent by Art Bergquist on 05/03/2019 10:01:36 PM:
Hi.
 
This afternoon, we discovered that someone had Google-d (it may have been a Googlebot) and ended up being able to access a .PDF file that is supposed to be accessible only after you log in to the non-anonymous part of our website.
 
Is there a way to prevent access to .PDFs in the non-anonymous (i.e., userid/password -protected) part of the website?
 
I have read through the Session Management FoxWeb web page and have protected all .FWx files in the non-anonymous part of the website from being directly accessed.
 
I'm trying to figure out, though, how to prevent direct access to .PDFs in the non-anonymous part of the website.
 
TIA,
 
Art Bergquist