防止aspx文件在上传文件夹中运行
[英]Prevent aspx file run in upload folder
问题描述
I'm trying to protect me from ASPX Spy attacks. 
我试图保护我免受ASPX Spy攻击。
I added the configuration in the web.config in my upload directory: 我在上载目录的web.config中添加了配置:
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>
But, I can still run aspx files! 但是,我仍然可以运行aspx文件!
What am i missing? 我想念什么?
2 个解决方案
解决方案1
0 2015-01-26 12:46:38
EDIT: 编辑:
the web.config section authorizes only URL not file execution. web.config部分仅授权URL,而不授权文件执行。 See this link to MSDN for more details 有关更多详细信息,请参见指向MSDN的链接。
解决方案2
0 2017-11-22 16:16:45
Try the following settings inside configuration which will prevent any type of file execution in upload folder: 请在configuration尝试以下设置,这将阻止在上载文件夹中执行任何类型的文件:
<location path="upload" allowOverride="false">
<system.webServer>
<handlers>
<clear />
<add
name="StaticFile"
path="*" verb="*"
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule"
resourceType="Either"
requireAccess="Read" />
</handlers>
<staticContent>
<mimeMap fileExtension=".*" mimeType="application/octet-stream" />
</staticContent>
</system.webServer>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
将aspx页面运行到Sharepoint文件夹中 - Run a aspx page into a Sharepoint folder
aspx.cs无法识别文件上传 - aspx.cs cannot recognize the file upload
在项目文件夹中找不到aspx文件 - aspx file cannot be found in project folder
将文件上传到 Sharepoint 文件夹 - Upload file to Sharepoint folder
是否可以在后台运行aspx文件作为“内存中”操作 - Is it possible to run an aspx file in background as “In memory” operation
如何将 aspx 文件另存为 html 文件和文件夹到本地计算机或服务器 - how to save aspx file as html file and folder to local machine or server
将文件上载到Sharepoint上的文件夹或子文件夹 - Upload file to folder or subfolder on Sharepoint
选择文件并将其上传到特定文件夹 - Select and upload a file to a specific folder
无法使用aspx将Excel文件记录上传到SQL数据库 - Unable to upload excel file records to SQL database using aspx
上载多个档案aspx.net C# - Upload more than one file aspx.net C#
相关标签