How to ASP.NET MVC3 Route to accept any type of file (Dot in URL)
https://stackoverflow.com/questions/8874962
-
16-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
ASP.NET MVC 2 Issue - Dot in Route gives an example to allow dot (.) in url and allow .svc file.
My question is, how to allow any kind of file, I tried:
<httpRuntime relaxedUrlToFileSystemMapping="true" />
<remove extension=".*"/>
Not working! What I want is: for any kind of URL (any chars) can processed by MVC3 Route(MapRoute).
해결책 2
here is the solution:
First: it will NOT cause security leak, if you visit /web.config, you will get
HTTP Error 404.8 - Not Found
The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.
Unless you change the hiddenSegment of course.
here is the solution, at web.config file:
<system.webServer>
<handlers>
<add name="Static-Favicon" path="favicon.ico" verb="GET" modules="StaticFileModule" resourceType="File" requireAccess="Read" />
<add name="Static-Robot" path="robots.txt" verb="GET" modules="StaticFileModule" resourceType="File" requireAccess="Read" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*" verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*" verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*" verb="GET,HEAD,POST,DEBUG" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Static-Favicon and Static-Robot can be removed, if you like your MVC handle these two files as well.
Btw, you still need the <remove extension=".svc" /> to handle svc file, and relaxedUrlToFileSystemMapping for special codes in url
다른 팁
That's a very very very bad idea. You want people to be able to download your web.config? see your passwords? download your database? IIS and MVC deliberately block many kinds of extensions because not doing so is highly insecure.
