IIS7 URL过滤
[英]IIS7 URL Filtering
问题描述
I'm trying to denied access to my website when users use a URL like 
当用户使用类似以下的网址时,我试图拒绝访问我的网站
https://www.mywebsite.com/./somepage.aspx
Right now when I try the url above IIS7 will serve: 现在,当我尝试使用IIS7上方的网址时:
https://www.mywebsite.com/somepage.aspx
I also installed urlscan on the server with 我还在服务器上安装了urlscan
AllowDotInPath=0
[DenyUrlSequences]
.. ; Don't allow directory traversals
./ ; Don't allow trailing dot on a directory name
\ ; Don't allow backslashes in URL
: ; Don't allow alternate stream access
% ; Don't allow escaping after normalization
& ; Don't allow multiple CGI processes to run on a single request
but it still allowing access :( 但它仍然允许访问:(
My way of testing it is using curl: 我的测试方法是使用curl:
curl -I https://www.mywebsite.com/./somepage.aspx
What am i doing wrong? 我究竟做错了什么?
Thanks in advances! 预先感谢!
1 个解决方案
解决方案1
0 2012-07-18 13:36:51
Set your web.config to deny access to all users for somepage.aspx and then allow only authorised users. 将您的web.config设置为拒绝对somepage.aspx的所有用户的访问,然后仅允许授权用户。 This is done differently depending on whether you are using Windows Active Directory authorization or form authorization, but the concept is still the same. 根据您使用的是Windows Active Directory授权还是表单授权,此操作的执行方式有所不同,但是概念仍然相同。
On how to set the web.config, look here 关于如何设置web.config, 请看这里
On another note, why do you have a period in your url? 另一方面,为什么您的网址中有句点? is it for a current directory??? 是当前目录吗???
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.