发表新帖
发表新帖

Can I use wildcards in the web.config location path attribute?

后端 未结
关注
3 638
心在旅途
心在旅途 2020-12-19 00:50

In IIS 7 I try to deny access to all files with the extension .xml for all users.

I tried the following setting in my web.config file:
相关标签:
3条回答
  • 太阳男子
    2020-12-19 01:03

    Try this:

    <configuration>
    <system.web>
        <httpHandlers>
            <add path="*.xml" verb="*" 
             type="System.Web.HttpNotFoundHandler" />
        </httpHandlers>
    </system.web>
</configuration>

    By the way you could alternatively store all of your xml files within the App_Data directory. Storing files of any type in this directory will not be served to the web.

    0 讨论(0)
  • 天涯浪人
    2020-12-19 01:05

    I have stumbled across this when searching for a way to change the security applied to all actions within a controller in a legacy application (ASP.NET MVC). I thought I need some sort of wildcard, but simply providing the path including the controller segment is enough:

    This allows anonymous access to all actions within FooController.

    0 讨论(0)
  • 天命终不由人
    2020-12-19 01:07

    Another way is to use a request filter:

    <system.webServer>
  <security>
    <requestFiltering>
      <fileExtensions>
        <add fileExtension=".xml" allowed="false" />
      </fileExtensions>
    </requestFiltering>
  </security>
</system.webServer>
    0 讨论(0)
 看不清?
提交回复
热议问题