Non Browsable IIS FTP server - TechRepublic
Question
July 29, 2009 at 12:54 PM
dcolbertmatrixmso

Non Browsable IIS FTP server

by dcolbertmatrixmso . Updated 16 years, 11 months ago

I remember a trick from my NT 4.0 days of setting up an anonymous FTP server in IIS that was non-browsable.

Users could log in and UPLOAD a file, and if they knew a particular file name, they could DOWNLOAD a file, but they could not LIST file names.

I’ve tried a couple methods with IIS 6 on W2k3 to try and replicate this, but I’m missing something.

If I right click on the FTP site in ISS manager and click the Home Directory tab and uncheck “Read” in the FTP Site Directory local path area, then a remote anonymous user can upload, cannot browse, but also cannot GET a file.

If I right click the Default FTP site in IIS Manager and select permissions, I can remove individual permissions for Everyone or for Users (or Admins, Creater Owner or System)… but that doesn’t seem to do anything at all. Notably, I tried removing the ability to List Folder Contents for both Users and for Everyone but that didn’t seem to make a difference.

If I open up My Computer or Explorer to the FTP directory directly and make the same changes to permissions there, again, it seems to have no effect.

So my goal is to end up with an FTP site where users can PUT files, where users can GET files, if they know the EXACT name, but where they cannot see what OTHER files exist in the FTP directory.

I’m sure this is possible. Anyone know how to do it?

This discussion is locked

All Comments