I believe the answer is to "funnel" direct requests for .PDF files to Deny.Exe via one of the following in IIS:
- Managed Handler
- Script Map
- Wildcard Script Map
- Module Mapping
as of yet, have not come up with a solution that prevents direct access
to a .PDF in the userid/password-protected part of our website.
Sent by Art Bergquist on 05/03/2019 10:01:36 PM:
This afternoon, we discovered that someone had Google-d (it may have been a Googlebot) and ended up being able to access a .PDF file that is supposed to be accessible only after you log in to the non-anonymous part of our website.
Is there a way to prevent access to .PDFs in the non-anonymous (i.e., userid/password -protected) part of the website?
I have read through the Session Management FoxWeb web page and have protected all .FWx files in the non-anonymous part of the website from being directly accessed.
I'm trying to figure out, though, how to prevent direct access to .PDFs in the non-anonymous part of the website.