What is the easiest way to completely prevent the http access to a subdirectory of the application?

StackOverflow https://stackoverflow.com/questions/22534181

문제

My ASP.Net application contains a subdirectory foo which should not be accessed using http. I thought the easiest solution was to place the web.config below in the subdirectory foo.

<configuration>
    <system.web>
        <httpRuntime enable="false"/>
    </system.web>
</configuration>

But it does not work. For example, http://myapp/foo/test.html is not rejected by the server.

도움이 되었습니까?

해결책

You can try to add this within your web.config :

<configuration>
 <system.webServer>
  <security>
   <requestFiltering>
    <hiddenSegments>
     <add segment="directoryYouWantToProtect"/>
    </hiddenSegments>
   </requestFiltering>
  </security>
 </system.webServer>
</configuration>

I tested it and it seems to work fine, when I try to list the directory or access a file directly I have a 404.8 HTTP Error (The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section)

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top