简体   繁体   English

可以在我的网站中覆盖 applicationhost.config 中 http 动词的 RequestFiltering 值吗?

[英]RequestFiltering value for http verbs in applicationhost.config can be overridden in my websites?

What will happen to my website when configure http [OPTIONS=true] in web.conig if http OPTIONS is already configured in applicationhost.config as [OPTIONS=false]?如果 http OPTIONS 已经在 applicationhost.config 中配置为 [OPTIONS=false],那么在 web.conig 中配置 http [OPTIONS=true] 时,我的网站会发生什么?

ApplicationHostFile => added http OPTIONS = false My website level web.config => adding http OPTIONS = true ApplicationHostFile => 添加 http OPTIONS = false 我的网站级别 web.config => 添加 http OPTIONS = true

Which one will take priority?哪一个会优先? & will get any issue [server error] while launching my website? & 在启动我的网站时会遇到任何问题 [服务器错误]?

[Ex: We will get error saying that "duplicate' not allowed if add http response header in applicationhost.config. So something like we will get any error for RequestFiltering http verbs when both file have same headers?] [例如:如果在 applicationhost.config 中添加 http 响应标头,我们将收到错误消息,提示“不允许重复”。因此,当两个文件具有相同的标头时,我们会收到 RequestFiltering http 动词的任何错误?]

If HTTP verbs configured in Applicatiohost.config file like,如果在 Applicatiohost.config 文件中配置了 HTTP 动词,例如,

<system.webServer>
   <security>
    <requestFiltering>
      <verbs allowUnlisted="true" applyToWebDAV="true">
         <add verb="OPTIONS" allowed="false" />
      </verbs>
     </requestFiltering>
   </security>
 </system.webServer>

this can be overridden in our website web.config section by configuring like,这可以在我们的网站 web.config 部分中通过配置来覆盖,

<system.webServer>
   <security>
    <requestFiltering>
      <verbs>
         <remove verb="OPTIONS" />
         <add verb="OPTIONS" allowed="false" />
      </verbs>
     </requestFiltering>
   </security>
 </system.webServer>

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 每次在VS2012中打开解决方案时,IIS express applicationhost.config安全性都会重置 - IIS express applicationhost.config security is reset every time a solutions is opened in VS2012 applicationHost.config 错误:由于 IIS 共享配置的权限不足,无法写入配置文件 - applicationHost.config Error: Cannot write configuration file due to insufficient permissions with IIS shared configuration 删除不安全的HTTP动词,例如OPTIONS - remove unsafe HTTP verbs such as OPTIONS 一些HTTP动词本质上是不是比其他动词更不安全? - Are some HTTP verbs really inherently less secure than others? 如果我在wp-config.php中保留了默认的身份验证密钥值,黑客是否可以访问我的数据库? - Can a Hacker gain access to my database if i've left the default authentication key value in place in my wp-config.php? 谷歌浏览器不在我的网站上显示照片 - google chrome doesnt show photos on my websites 如果我不能将它推送到 github,我的配置在哪里保存? - Where do keep my config if I can't push it to github? 我可以为客户使用http下载签名的安装文件吗? - Can I use http for my customers to download signed installation files? 避免其他网站查询我的file.php - Avoid other websites query my file.php Spring 安全:多个 HTTP 配置不起作用 - Spring Security : Multiple HTTP Config not working
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM