Prevent aspx file run in upload folder
Question
I'm trying to protect me from ASPX Spy attacks.
I added the configuration in the web.config in my upload directory:
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>
But, I can still run aspx files!
What am i missing?
2 answers
solution1
0 2015-01-26 12:46:38
EDIT:
the web.config section authorizes only URL not file execution. See this link to MSDN for more details
solution2
0 2017-11-22 16:16:45
Try the following settings inside configuration which will prevent any type of file execution in upload folder:
<location path="upload" allowOverride="false">
<system.webServer>
<handlers>
<clear />
<add
name="StaticFile"
path="*" verb="*"
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule"
resourceType="Either"
requireAccess="Read" />
</handlers>
<staticContent>
<mimeMap fileExtension=".*" mimeType="application/octet-stream" />
</staticContent>
</system.webServer>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Run a aspx page into a Sharepoint folder
aspx.cs cannot recognize the file upload
aspx file cannot be found in project folder
Upload file to Sharepoint folder
Is it possible to run an aspx file in background as “In memory” operation
how to save aspx file as html file and folder to local machine or server
Upload file to folder or subfolder on Sharepoint
Select and upload a file to a specific folder
Unable to upload excel file records to SQL database using aspx
Upload more than one file aspx.net C#
Related Tags