Dale's Enhanced Directory Browser for IIS (32 and 64 bit)

 
 

Dale C. Anderson

View Live Demo


Summary

The Enhanced Directory Browser is a drop-in replacement for IIS's built-in directory browsing function. The major enhancements over IIS's built-in directory index are:

  • Files and folders are differentiated from each other.

  • Files and folders are sortable by name, date, and file size.

  • Directory byte sizes are shown.

  • The look and feel is totally customizable (not through configuration, but because you can change the source code)

  • Allows specific files / folders to be hidden via script configuration

Security Notes

  1. It is very important to realize that this script is not aware of the IIS "Directory Browsing" directive: it lists folders whether or not that setting is enabled. If you have any files or folders that you do NOT want browsed, you need to do one of the following:
    • Make sure your NT permissions are set correctly (no script can override NT permissions).
    • Specify folders to be "hidden" in the script configuration.


  2. If you want the script to present the user with a logon prompt for certain directories, you need to deny IUSR_<machinename> read access for those directories, because by default IIS accesses the folder on behalf of anonymous visitors using that account.

  3. The EDB will not browse to a higher-level directory than the directory in which the script is placed, even if a malicious user tries to manipulate the URL passed to it.
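
The containment rule in note 3, combined with the hidden-folder setting from note 1, as an added example; it is not EDB's source code. It is written in Python with the standard `ntpath` module so that Windows path rules can be exercised on any machine, and `SCRIPT_DIR`, `HIDDEN` and `resolve` are hypothetical names.

```python
import ntpath  # Windows path semantics, usable on any OS

# Assumed layout and settings for illustration only; these names are not EDB's.
SCRIPT_DIR = r"C:\inetpub\wwwroot\files"      # folder that holds default.asp
HIDDEN = [r"private", r"admin\logs"]          # folders to hide, relative to SCRIPT_DIR


def _canon(path):
    """Collapse '.', '..' and '/' and fold case (Windows lookups ignore case)."""
    return ntpath.normcase(ntpath.normpath(path))


def _inside(child, parent):
    """True if child is parent or lies beneath it, comparing whole segments."""
    return child == parent or child.startswith(parent.rstrip("\\") + "\\")


def resolve(requested):
    """Return the absolute folder to list, or None if the request is refused."""
    if "\x00" in requested:
        return None                      # NUL is never valid in a Windows path
    # join() lets a rooted or drive-qualified value replace SCRIPT_DIR, so the
    # containment test runs on the joined, normalised result, not on the input.
    target = ntpath.normpath(ntpath.join(SCRIPT_DIR, requested))
    if not _inside(_canon(target), _canon(SCRIPT_DIR)):
        return None                      # resolved above the script's folder
    for rel in HIDDEN:
        if _inside(_canon(target), _canon(ntpath.join(SCRIPT_DIR, rel))):
            return None                  # a hidden folder or something under it
    return target


# Constructed sample values, as a URL parameter might carry them.
SAMPLES = ["docs/2009", "docs/../../web.config", r"..\files-old", r"\Windows",
           "D:/backup", "PRIVATE/keys", "Admin/Logs/../logs/w3svc1", ""]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {resolve(s)}")
```

Only the first and last samples resolve to a folder. The `..\files-old` case shows why the prefix comparison must end on a path separator, and `PRIVATE/keys` shows why the hidden list is compared case-insensitively.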

 

Installation

To install, download and unrar the latest version from the download folder into any folder on your web server that you want to be able to browse. The directory browser is recursive. Drop the EDB into any folder on your website, and you will be able to browse all of that folder's files and subfolders PROVIDED that "default.asp" is in the server's list of default documents, and that ASP is enabled on the server.

Download UnRar.exe (free) command line if you don't have a RAR unpacker.

 

Configuration

For most people, the default out-of-the-box configuration will be sufficient. There are a few configuration options near the top of the script that you may find useful. As with any ASP script, use your favorite source code viewer, and edit to your heart's content.

 

Version History

V1.0 September 26, 2004: original build.

V1.1 October 25, 2004: added optional ability to view file ASP source, along with line numbering

V1.2 November 13, 2004: added rudimentary syntax highlighting to ASP source view

V1.3 January 12, 2005: Added choices for which files to be able to view source of.

V1.4 May 2, 2005: Alternating background colors for highlighted column makes it easier to find which "view source" link you want to choose.

V1.5 2005/05/13: Added ability to exclude certain folders from view.

V1.5.1 2006/03/01: Pound symbol in folders resulted in non-downloadable files.

V1.5.2 2007/04/27: Fixed runtime error when script was placed in the root directory of a website.

V1.5.3 2008-09-19: Added scriptable option to turn off folder sizes. Big folders with lots of files are very slow.

v1.5.4 2008-11-24: Fixed script so that it now asks for NT credentials (instead of crashing) when it doesn't have permission to access files.

v1.6.0 2009-03-08: Added "default document" list. When the EDB runs into one of the listed documents in a given directory, it will redirect to it instead of listing the contents of the containing directory. I would have liked to have pulled the default document property right from IIS itself, but IIS doesn't even allow anonymous users read-only access to the metabase.

v1.6.1 2009-04-20: Happy Four Twenty! Fixed a bug with redirection: redirecting over "#" symbols in file names turned out badly. Had to redirect by manually specifying the Location header, as opposed to using Response.Redirect. (Thanks Craig!)

v1.6.2 2009-12-08: Fixed case sensitivity issue that affected arrPathsToExclude.

Future Plans:

  • File sizes turned off by default (speeds things up considerably), with a clickable option to turn them on.

  • An option to respect the IIS Directory Browsing directive: if the server configuration does not allow directory browsing, then neither will EDB. Can't do this from an ASP script, because the IIS metabase is only readable by administrators.

  • An option to respect the IIS Default Document property, meaning that if there is a default document in the directory that you open, it will display that instead of displaying the folder's contents. Can't do this from an ASP script, because the IIS metabase is only readable by administrators.

  • Automatic M3U file generation for folders with audio files.

  • Ability to upload / rename / delete files

  • Separate file for configuration, so that upgrading to newer versions doesn't necessitate rewriting configuration

  • Ability to change settings via web browser.

Got any other suggestions or ideas?

 



This page last modified 12/8/2009 3:01:09 PM