I have a windows web server and i am using xml for the web.config i currently have extensions permissions set to false for .exe, .bin, and .dll
but i made a directory called "thing" with a .exe in it and i want to write in xml permissions for that directory that lets me download .exe files from it
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".dll" allowed="false" />
<add fileExtension=".exe" allowed="false" />
<add fileExtension=".bin" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
</configuration>
help please?
From the IIS7 documentation , there are 3 tags that you can use within <requestFiltering>
to control URL access:
<denyUrlSequences>
- This element can contain a collection of URL sequence patterns that IIS 7 will deny; for example: you can deny parts of URL sequences that an attacker might try to exploit. <fileExtensions>
- This element can contain a collection of file name extensions that IIS 7 will either deny or allow; for example: you can block all requests for Web.config files.` <hiddenSegments>
- This element can contain a collection of URLs that cannot be browsed; for example: you can deny requests for the ASP.NET App_Code folder. For example:
<requestFiltering>
<!-- deny access to any URL which contains /private -->
<denyUrlSequences>
<add sequence="/private"/>
</denyUrlSequences>
<!-- block all file extensions except js,css,html -->
<fileExtensions allowUnlisted="false">
<add fileExtension=".js" allowed="true" />
<add fileExtension=".css" allowed="true" />
<add fileExtension=".html" allowed="true" />
</fileExtensions>
<!-- hide config and bin dir -->
<hiddenSegments>
<add segment="config" />
<add segment="bin" />
</hiddenSegments>
</requestFiltering>
You can hide some URLs or block some file extensions, but, as far as I can think, it is not possible to fine-tune the accessibility of specific file extensions by folder just changing the IIS configuration. If this is what you want, you'll probably need to write some server-side code.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.