拒绝直接访问IIS Web服务器中的JavaScript文件

Question

I have a web application which is in php and java script. if someone tries to enter the path of the java script file in the browser, the complete java script is being displayed in the browser. For example: http://myserver.com/MyApp/app/view/baseView.js , this returns the source code of that particular java script file.

Can I restrict this ? I am using Windows IIS 7.5 Web Server. I have tried doing this in the main web.config file:

<security>
        <authorization>
            <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="" roles="Administrators" />

        </authorization>
    </security>

But this code blocks the complete application, even when I try to access the default.php file through the url, the following error is being returned by the Web Server : "401 - Unauthorized: Access is denied due to invalid credentials".

Please help !

Answer 1

You cannot block direct access to the file. If you restrict access to the file, as you mentioned the php file will 'break' for users who don't have access to that js file.

You could however redirect users who visit the URL to the file directly: Javascript example:

<script>
if(window.location.href.endsWith('baseView.js'))
{
    window.location = 'www.google.com'
}
</script>

You may also be able to use the .htaccess file to do this, which would be much better. (although I cannot test this myself right now, I'm not sure if it would work and not be invoked through the php file)

Note: This will in no way stop users from reading the Javascript file, so I am not sure why you want to do this.