Norman:
Instead of doing a domain verification, I simply set my IIS5.0/4.0 to check
to see if the file exsists. You can do this by going into your IIS
Management Console. From there, right click the web site(s) in question and
select properties. Click the home directory tab and then select
configuration. Select the .htr extension and then chose edit. From click
simply set the checkbox that says Check That File Exsists to true and click
ok. Now whenever someone tries to view a .htr file, the web server first
makes sure that the file exsists. So when someone types in index.cfm+.htr,
the user gets a file not found error since the web server checked first to
see if that file exsisted, which of course it doesnt.
Best Regards,
Greg Wolfinger
Web Application Development
CompuVisions, Inc.
301-680-8800
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "CF-Server" <[EMAIL PROTECTED]>
Sent: Thursday, January 04, 2001 12:54 AM
Subject: Slightly OT: Passwording the .HTR bug
>
> I believe I've seen this done someplace, and am
> wondering if anyone knows how it could be done:
>
> Instead of completely disabling the .HTR bug, somehow
> modify the access controls to allow only certain users
> to have permission to use it. When you first try to
> access a page using the .HTR extension, you're given
> the standard authentication box and are authenticated
> off of the Windows 2000 domain.
>
> I would imagine this is possible through IIS and it's
> ACL extensions, but I know very little about how these
> work. Does anyone have any insight?
>
> Thanks!
>
> Norman Elton
> College of William & Mary
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
