hi , let's say i have directory called "Games" when some 1 go to ....com/Games , he can see all my files , what can i do ? thanks .
Make a empty file called "default.htm" and place that in that directory, or turn off directory browsing at the server level TAB -> "Home Directory" uncheck the "Directory browsing" checkbox!
"default.htm" is the default and first extension that IIS creates when making virtiual host or the default web site. The only time it wouldn't be is if you remove the "default content pages" all together or remove it from the list. In fact ".html" has never been a default IIS content page extension, it was "index.htm" up until IIS 4, then it became "Default.htm", and is still that way, although "index.htm" is also included in the list, but there is still no default "*.html".
If you're using asp.net you can also configure a web.config file to not allow non-members from seeing any files within the directory. But that will not solve it for you for non-members. Another route is to turn of read permissions completely in IIS, and then create a HTTP handler which spits out the game upon request from your calling page.
web.config will only stop viewing of files which go through the .Net engine. As standard jpg, mp3, pdf, html, asp (not aspx obviously) dont and therefore would still be visible. If you have access to IIS you can push everything through the .Net engine to enable .config to protect all the content but this will increase the load on the server
Whoops sorry, my mistake I don't know why I wrote it that way. What I meant to say was that you should put the files in a directory outside of IIS or shut off the read permissions, then create a HTTP handler which resides within a configured web directory.