I have a windows web server and i am using xml for the web.config i currently have extensions permissions set to false for .exe, .bin, and .dll
but i made a directory called “thing” with a .exe in it and i want to write in xml permissions for that directory that lets me download .exe files from it
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".dll" allowed="false" />
<add fileExtension=".exe" allowed="false" />
<add fileExtension=".bin" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
</configuration>
help please?
From the IIS7 documentation, there are 3 tags that you can use within
<requestFiltering>to control URL access:<denyUrlSequences>– This element can contain a collection of URL sequence patterns that IIS 7 will deny; for example: you can deny parts of URL sequences that an attacker might try to exploit.<fileExtensions>– This element can contain a collection of file name extensions that IIS 7 will either deny or allow; for example: you can block all requests for Web.config files.`<hiddenSegments>– This element can contain a collection of URLs that cannot be browsed; for example: you can deny requests for the ASP.NET App_Code folder.For example:
You can hide some URLs or block some file extensions, but, as far as I can think, it is not possible to fine-tune the accessibility of specific file extensions by folder just changing the IIS configuration. If this is what you want, you’ll probably need to write some server-side code.