在ASP.NET站点上禁用调试
[英]Disable Debugging on ASP.NET site
问题描述
Our security team wants me to disable debugging on an ASP.NET site that I have developed. 
我们的安全团队希望我在已开发的ASP.NET站点上禁用调试。 They object to the server sending responses in response to a DEBUG request. 他们反对服务器发送响应以响应DEBUG请求。
I have disabled debugging in the web config file using the tag. 我已使用标记禁用了Web配置文件中的调试。
I see that there are several machine.config and machine.config.default files on the server, and I have set retail="true" for the deployment tag in all of them, and the configuration editor in EES shows the retail attribute as true. 我看到服务器上有几个machine.config和machine.config.default文件,并且我在所有文件中都为Deployment标签设置了retail =“ true”,并且EES中的配置编辑器将retail属性显示为true 。
Still, when I point curl --trace - at my site, I still get trace information. 不过,当我在我的站点上指向curl --trace时,我仍然可以获得跟踪信息。
What else do I need to do? 我还需要做什么?
2 个解决方案
解决方案1
0 2016-05-16 14:14:15
Lets look at the curl --trace information you receive. 让我们看一下您收到的curl --trace信息。 The important thing is what ISAPI modules and handler are processing and handling the requests curl --trace sends. 重要的是ISAPI模块和处理程序正在处理和处理curl --trace发送的请求。
Show the trace log. 显示跟踪日志。
Only standard Microsoft ISAPI modules and handlers have to obey the ASP.NET *.config parameters. 只有标准的Microsoft ISAPI模块和处理程序才必须遵守ASP.NET * .config参数。 If you are using some third-party modules on your server than you will have to look into their configuration. 如果您在服务器上使用某些第三方模块,则必须研究它们的配置。
解决方案2
0 2016-05-16 18:08:27
Putting the appropriate tags in machine.config and web.config resolved the problem. 将适当的标签放在machine.config和web.config中可以解决此问题。 It seems that our security is testing something different than what curl tests. 似乎我们的安全性正在测试与curl测试不同的东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.