Phil- Your FTP folder should be below your web root - I believe anything in the web path will be served via the browser. I don't think you can turn off processing for a directory in the web path. If you are using the content of the FTP as web content, you can use an upload function through ColdFusion instead and allow only certain file types and extensions.
/S On Thu, 20 Aug 2009 11:21:53 -0700, Philip Kaplan <pkap...@gmail.com> wrote: > > I'm allowing people to FTP-upload into one of my web server directories, > but > I don't want them to be able to upload and run cfm (or asp, etc) scripts. > > I right-clicked on the directory in IIS and changed "execute permissions" > to > "none," but it seems the cfm files in that directory are still running. > > Here's an example: > http://hitmelater.com/affiliate/index.cfm > > Any ideas? > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325572 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4