拒绝php应用程序中IIS 7中特定文件夹的访问
[英]Deny access on particular folder in IIS 7 in php application
问题描述
I'm having an PHP application running on IIS7. 
我正在IIS7上运行一个PHP应用程序。 I want to secure particular folder by modifying web.config . 我想通过修改web.config来保护特定的文件夹。 I don't want to use <location> tag in config as this will redirect users to login page. 我不想在配置中使用<location>标记,因为这会将用户重定向到登录页面。 Rather then, I'd like to implement HttpNotFoundHandler . 相反,我想实现HttpNotFoundHandler 。
Say for example, http://domain.com/SecureFolder is the directory on which I want to implement HttpNotFoundHandler . 举例来说, http : HttpNotFoundHandler是我要在其上实现HttpNotFoundHandler的目录。 When user try to access that folder, the 404 page should be displayed. 当用户尝试访问该文件夹时,应显示404页面。
The secured folder can only be accessed via sub domain. 受保护的文件夹只能通过子域访问。 Below is the config file which I'm trying to do the needful but that is not working. 以下是我正在尝试做的配置文件,但这是行不通的。
<?xml version="1.0"?>
<configuration>
<connectionStrings />
<appSettings />
<system.web>
<customErrors mode="RemoteOnly"></customErrors>
<httpHandlers>
<add path="~/securefolder" verb="*" type="System.Web.HttpNotFoundHandler" validate="true"/>
</httpHandlers>
</system.web>
</configuration>
4 个解决方案
解决方案1
0 2013-10-23 20:03:53
Actually my recommendation would be to do that at the IIS level instead, using a feature designed for that called Request Filtering. 实际上,我的建议是使用为请求筛选设计的功能在IIS级别上执行此操作。 You can just add a configuration file like: 您可以仅添加如下配置文件:
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="securefolder" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
See: Request filtering for more info 请参阅: 请求过滤以获取更多信息
解决方案2
0 2010-07-14 11:11:38
Shouldn't path be something like path="securefolder/*.*" ? 路径不应该像path="securefolder/*.*"吗?
I have that working on IIS6, but still file extensions not assigned to ASP.NET ISAPI filter are served by IIS (ie *.txt) so I had to assign .txt to the ASP.NET ISAPI filter on IIS. 我已经在IIS6上工作了,但是IIS(即* .txt)仍为未分配给ASP.NET ISAPI筛选器的文件扩展名提供了服务,因此我不得不为IIS上的ASP.NET ISAPI筛选器分配.txt。
解决方案3
0 2009-02-02 07:03:33
You're going to want a wildcard mapping. 您将需要通配符映射。 Check out: http://blogs.iis.net/ruslany/archive/2008/09/30/wildcard-script-mapping-and-iis-7-integrated-pipeline.aspx 检出: http : //blogs.iis.net/ruslany/archive/2008/09/30/wildcard-script-mapping-and-iis-7-integrated-pipeline.aspx
From there, you can parse the url and determine whether you should throw a 404 or not. 从那里,您可以解析URL并确定是否应该抛出404。
解决方案4
0 2009-03-02 19:50:43
You can use the URL Rewrite Module to write a custom response action. 您可以使用URL重写模块来编写自定义响应操作。
CustomResponse action causes the URL rewrite module to respond to the HTTP client by using a user-specified status code, subcode, and reason.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.