I added the following to my web.config so users can not download my plugins:
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="Plugins" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
Now I have the problem that not only domain.com/Plugins/MyPlugin.dll
is blocked, but also domain.com/Scripts/ckeditor/plugins/ckplugin.js
.
Is there a way to configure a hiddenSegment to only affect the root directory?
I solved this via a web.config inside my plugins folder, where I block *.dll files from being downloaded:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="Plugins*.dll_*" path="*.dll" verb="*" type="System.Web.HttpForbiddenHandler" />
<add name="Plugins*.pdb_*" path="*.pdb" verb="*" type="System.Web.HttpForbiddenHandler" />
</handlers>
</system.webServer>
</configuration>
I've made some additional modifications on top of Christoph's answer to suite my use case, but I will leave this here for future references.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- Make sure this directory cannot be served. -->
<location path="Plugins"> <!-- Change this to your path -->
<system.webServer>
<handlers>
<add name="DisallowServe" path="*.*" verb="*" type="System.Web.HttpNotFoundHandler" /> <!-- Return 404 instead of 403 -->
</handlers>
</system.webServer>
</location>
</configuration>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.