# Remove Directory Listing yet still access files



## ImagingGuy2015 (Feb 14, 2008)

Please help!

I have a client that would like certain user to be able to download some files. However he does not want people to know Im hosting it for him. I told him just type out the static IP of my site, then /hisdirectory and nobody will see my sites name etc.

I created a new directory in my webroot for him (IIS7 BTW)

www.example.com/hisdirectory

and then I made permissions so that only a certain username and password could download a file located in the folder.

www.example.com/hisdirectory/thefile.txt

Now I go to users permissions on webroot folder and put DENY ALL to that user.

Then I go to the specific folder and enable "Read". Nothing else, not list directory etc. JUST READ.

Problem is that when someone puts in the link without the filename

www.example.com/hisdirectory

they are STILL able to list the entire directory. This is very frustrating. Whats worse is that if they hit up to parent directory it takes them to the site I have that user set to DENY ALL all that site is open to the public so they can obviously see it.

Is there are way to actually deny listing of a directory using server 2008 IIS7 while still allowing downloading of files from it?

thanks, Jeff (yes I suck at IIS and well anything web, please help)


----------



## Squashman (Apr 4, 2003)

http://technet.microsoft.com/en-us/library/cc731109(WS.10).aspx


----------

