The Enhanced Directory Browser for IIS 4,5,6 Dale C. Anderson View Live Demo Summary The Enhanced Directory Browser is a drop-in replacement for IIS's built-in directory browsing function. The major enhancements over IIS's built-in directory index are: * Files and folders are differentiated from each other. * Files / Folders are Sortable by Name, Date, and File Size. * Directory byte sizes are shown * The look and feel is totally customizable (not through configuration, but because you can change the source code) * Allows specific files / folders to be hidden via script configuration * Works on 64-bit windows Security Notes 1. It is very important to realize that this script is not [yet] aware of the IIS "Directory Browsing" directive. This means that if you have any files / folders that you do NOT want browsed, you need to do one of the following: * make sure your NT permissions are set correctly. (no script can override NT permissions) * Specify folders to be "hidden" in the script configuration. 2. If you want the script to present the user with a logon prompt for certain directories, you need to deny IUSR_ read access for those directories, since it's the IIS process that is accessing that folder by default. 3. The EDB will not browse to a higher-level directory than the directory in which the script is placed, even if a malicious user tries to manipulate the URL passed to it. Installation To install, download and unrar the latest version from the download folder into any folder on your web server that you want to be able to browse. The directory browser is recursive. Drop the EDB into any folder on your website, and you are able to browse all of that folder's files and subfolders. Download UnRar.exe (free) command line if you don't have a RAR unpacker. Configuration For most people, the default out-of-the-box configuration will be sufficient. There are a few configuration options near the top of the script that you may find useful. As with any ASP script, use your favorite source code viewer, and edit to your heart's content. Version History V1.0 September 26, 2004: original build. V1.1 October 25, 2004: added optional ability to view file ASP source, along with line numbering V1.2 November 13, 2004: added rudimentary syntax highlighting to ASP source view V1.3 January 12, 2005: Added choices for which files to be able to view source of. V1.4 May 2, 2005: Alternating background colors for highlighted column makes it easier to find which "view source" link you want to choose. V1.5 2005/05/13: - Added ability to exclude certain folders from view. V1.5.1 2006/03/01: Pound symbol in folders resulted in non-downloadable files. V1.5.2 2007/04/27: Fixed runtime error when script was placed in the root directory of a website. V1.5.3 2008-09-19: Added scriptable option to turn off folder sizes. Big folders with lots of files are very slow. v1.5.4 2008-11-24: Fixed script so that it now asks for NT credentials (instead of crashing) when it doesn't have permission to access files. v1.6.0 2009-03-08: Added "default document" list. When the EDB runs in to one of the listed documents, it will redirect to it, instead of listing the contents of the containing directory. I would have liked to have pulled the default document property right from IIS itself, but IIS doesn't even allow anonymous users read-only access to the metabase. v1.6.1 2009-04-20: Happy Four Twenty! Fixed a bug with redirection... Redirecting over "#" symbols in file names turned out badly. Had to redirect by manually specifying location header, as opposed to using Response.Redirect. (Thanks Craig!) v1.6.2 2009-12-08: Fixed case sensitivity issue for arrPathsToExclude