Microsoft KB Archive/247376
Article ID: 247376
Article Last Modified on 12/3/2007
- Microsoft Internet Information Server 2.0
- Microsoft Internet Information Server 3.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services 6.0
This article was previously published under Q247376
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
When you use Microsoft Internet Information Services (IIS), no virtual directories are displayed when browsing a WWW folder with directory browsing enabled or displaying directory contents on an FTP site.
This behavior is by design. Physical directories appear in directory listings, and virtual directories do not. IIS "hides" virtual directories. This is true for both WWW and FTP sites.
Hiding virtual directories has tremendous security advantages because users are required to know the virtual path that they want to access.
To display a WWW or FTP virtual directory in a folder, create an empty physical directory of the same name. When a request is made to the directory, the virtual directory is returned, instead of the physical directory.
If you create an FTP virtual directory of the same name as a user's name on a server, when the user logs on through an FTP client, the user is automatically redirected to the virtual directory, based on their user name. Needless to say, if you have multiple users on a server, each with their own virtual directory, it can be quite advantageous to not display the virtual directories, because it also compromises user names on the server.
Additional query words: iis 4 iis4 iis 5 iis5 iis 6 iis 6.0 iis6
Keywords: kbprb kbpending KB247376