PDA

View Full Version : IIS instead of girder webserver or want to avoid directory listing



jon1977
October 31st, 2014, 02:36 PM
By default it appears that if you access the girder webserver without the index.html default (I decided to make it more difficult for a none authorised person to access my web server by using a different default file name), then you get a directory listing, effectivelly opening up the folder and file structure for attack.

i.e, say my web server was on http://123.456.789.123/mynewindex.html
if I only typed in: http://123.456.789.123 I would be presented with the directory listing where I can open any file!

I can't find a way to disable this with the girder web server.
I have set up IIS in my windows 7 professional machine, but I can't get it to send ajax calls to or receive data from girder.
Given this configuration page:
6758
What do I click on to get this to work?

I note this previous post which implies this should work:
http://www.promixis.com/forums/showthread.php?21478-IIS-instead-of-Girder-Server

But for the life of me I can't work out how to get this to work.
With thanks
Jon

Tieske8
November 2nd, 2014, 01:22 PM
not a technical answer, nor something you might be interested in, but; security through obscurity is a bad concept. Secure the site, use a password.

jon1977
November 2nd, 2014, 04:01 PM
I appreciate the reply
I have a password set for the site as well.
I just thought layers of security was an even better concept. This is just one of many others.
Unfortunately, this 'layer' makes things worse.
I guess a dummy index.html may be an intermediate option.
I would still be interested in setting up IIS for Girder webserver for interest.
I have another need to have two routes in to my server. Once for access to and to interact with Girder data via a password, and another to one file only not password protected for an external datalogger to send URL data to the web server. So I need to set up two accounts. I can't get the girder web server (although the manual implies this is possible) to do this.
With thanks
Jon

Pinkie2
November 4th, 2014, 11:48 PM
Maybe reverse proxy with ARR and Rewrite Url would help?
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing