I have an application where I have an XML file which holds the connection string. When hit the URL with the exact file name it opens the file in the browser that is natural.
Now I need to restrict this file browsing and I can not change that code to do any redirect or anything else.
What I have tried is using denyurlsequences in the security tag in the web.config but it restricts the application too to access the file and that makes the application stop working.
I am using .NET Framework 2.0
The ".xml" file extension is not supported by ASP.NET pipeline that is why you cannot add it to web.config and restrict it. What you can do is to copy the xml file in the "App_Data" folder of your application.
The purpose of this folder is to hide it files from browsers/users and also is build for this type of data.
To create "App_Data" folder if it already does not exist :
Right click on your project -> Add ASP.NET Folder -> App_Data
Or just add a folder and call it App_Data
I know its old question but this answer may be helpful for others. I did below configurations on IIS 8.5 ( make sure Request Filtering is installed on IIS.)
In our application we have a master xml file stored in an application folder, to deny browsing this xml file I had added the folder name in hidden segments and it worked.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.