Stop Download of mdf file

I just realized I have a major security risk on my site as I can type in the name of my .mdf file in a browser and it allows me to download it. How do I stop this? Thanks

Put the file outside of the web.

Thanks for your suggestion. I am considering that but it is a lot of rewrite. I guess I have no choice. Thank you very much.

Why would you need to rewrite anything? Or did you really mean some other file type than a mdf file which is a data file for sql server, and you don't use the actual mdf file location when using sql server in your application code.

It is my access data file and I have to rewrite it's location for the connection string.

There are permission settings that can prevent a web browser from downloading the file, for example Frontpage creates a _private folder you can't get to via a browser. Check with your server admin.

Thank you very much for your help. I am the server admin so can't ask him.... Thanks

I actually meant mdb file. Access file.

Set up a folder in your web, and using windows explorer open the properties of the folder. On the web security tab you can allow read access or not to the folder by a web browser.

Or if you have Frontpage you can use a _private folder.

I actually turned off read access for the file and changed the error message. Thanks for your help.