homepage Welcome to WebmasterWorld Guest from 50.17.7.84
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
Forum Library, Charter, Moderators: ocean10000

Microsoft IIS Web Server and ASP.NET Forum

    
Including a file above the root directory.
Is there a way?
lZakl




msg:955623
 6:20 pm on Feb 8, 2006 (gmt 0)

My question is simple, though I fear the answer may not be. I have a directory -- called "includes" -- That I want to store (You guessed it!) My include files in. I can do this in the inetpub/wwwroot folder, but then everyone and their brother has the potential to download my include files.. So my question is, can I use the include tag like this:

<!--#include file="d:\inetpub\wwwroot\directory\anotherdir\include.inc"-->

I would think that I could. I used MapPath to get the physical directory, but it won't include files using the absolute path. Only if I do either

<!--#include virtual="include.inc"-->
or
<!--#include file="../directory/.../include.inc"-->

The fact that it won't allow me to use the absolute path is baffling. Is there something else I could try, to access these files from a higher directory than 'inetpub/wwwroot'? A different way of including? A way to configure IIS to allow the use of absolute paths in include statements? I have exhausted my searches on the web .. I am truly stumpted.

Thanks for your input!

-- Zak

 

defanjos




msg:955624
 8:04 pm on Feb 8, 2006 (gmt 0)

Name your include files include.asp instead of include.inc. This way, they will not be able to see or download your asp code. They'll be presented with html code only.

mrMister




msg:955625
 11:30 pm on Feb 9, 2006 (gmt 0)

<!--#include file="d:\inetpub\wwwroot\directory\anotherdir\include.inc"-->

This should work, are you sure you have the path and permissions set correctly?

Dijkgraaf




msg:955626
 11:34 pm on Feb 9, 2006 (gmt 0)

As the aim is to protect the files, rather than to actually include files outside of the webroot, then suggestion defanjos made is quite valid.
So move the files into your web folder, and make them .asp files so you can hide any executable code or parameters etc.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved