I have a WebSite and I woud like Deny Directory Browser from a web.config file.
我有一个网站,我想要从网络上拒绝目录浏览器。配置文件。
Here the code I'm using placed in the ROOT. Does not work. I'm testing it Locally so with URL LIKE http://localhost:3214/ I can still browser the directory fro CMS.
这里是我在根目录中使用的代码。不工作。我正在本地测试它,所以使用URL(比如http://localhost:3214/我仍然可以浏览CMS的目录。
- What I'm doing wrong?
- 我做错了什么吗?
- Should it work even on Local Machine?
- 它应该在本地机器上工作吗?
Thanks for your support!
谢谢你的支持!
<configuration>
<location path="Cms">
<system.webServer>
<directoryBrowse enabled="false" />
</system.webServer>
</location>
</configuration>
Some resource:
一些资源:
http://blogs.iis.net/bills/archive/2008/03/24/how-to-enable-directory-browsing-with-iis7-web-config.aspx
http://www.expta.com/2008/03/configuring-virtual-directories-with.html
http://www.expta.com/2008/03/configuring-virtual-directories-with.html
4 个解决方案
#1
7
First: not everything works in a <location> block.
首先:不是所有东西都在
I cannot find a positive statement that <system.webServer> isn't supported in a <location>, but I cannot find any cases where it is suggested that it is allowed. Evidence for this is in the (global) machine.config where the system.webserver section is defined to use the IgnoreSection handler: ie. it isn't processed by the standard System.Configuration implementation, and it is that standard implementation of config handling that provides support for <location>.
我找不到
Try adding a web.config into the Cms folder with the directoryBrowse element to confirm that browsing is blocked.
尝试添加一个网络。使用directoryBrowse元素配置到Cms文件夹中,以确认浏览被阻塞。
#2
4
Gibbok, nothing is wrong here, Don't panic :)
吉博克,这里没有什么问题,不要惊慌:)
Assuming that you are browsing your website from the built-in server inside Visual Studio, This is typically a normal case.
假设您正在从Visual Studio内的内置服务器上浏览您的网站,这通常是一个正常的情况。
I'm pretty sure that if you moved to IIS with the above code, Directory browsing will behave just like what you want it to be.
我非常确信,如果您使用上述代码迁移到IIS,目录浏览将会像您希望的那样运行。
Give it a try and host this website in IIS, and let us know what happened, Thanks.
请尝试并在IIS上建立这个网站,让我们知道发生了什么,谢谢。
#3
0
the <directoryBrowse> directive controls the listing of the directory via the http protocol only: http://msdn.microsoft.com/en-us/library/ms691327%28v=vs.90%29.aspx
It will not have any effect on code, trying to access the directory from within any other (or even your own) application.
它不会对代码产生任何影响,试图从任何其他(甚至是您自己的)应用程序中访问该目录。
@Edit: after the edit and if I get you right - I think, what you mean by Deny Directory Browser is the intended functionality: show the contents of the dir within a specified path using the browser. And yes, it probably will not work in the local development server. Try it on IIs!
@Edit:在编辑之后,如果我没弄错的话——我想,您说的Deny目录浏览器的意思是要实现的功能:使用浏览器在指定的路径中显示目录的内容。是的,它在本地开发服务器上可能不会工作。在IIs试试!
#4
0
I was trying the same code. What you have is in fact correct. Here is the reference.
我也在尝试同样的代码。你所拥有的事实上是正确的。这是参考。
Of course it wasn't working for me and I couldn't figure out why, until I read Richard's post and remembered that someone put a web.config file in that directory. That file overrides the behavior in the main web.config file. In the sub directory web.config the directoryBrowse option was explicitly turned on (as well as a LOT of other handlers, yikes!). Delete that file and what you have above works for me. It actually passes the request along to the next handler, which is exactly what I wanted.
当然这对我不起作用,我也不知道为什么,直到我读了理查德的文章,记起有人放了一个网络。该目录中的配置文件。该文件覆盖了主web中的行为。配置文件。在子目录web中。配置directoryBrowse选项被显式地打开(以及许多其他处理程序,哎呀!)删除那个文件,你上面的东西对我有用。它实际上将请求传递给下一个处理程序,这正是我想要的。
I'm using IIS 7 on my local machine.
我正在本地机器上使用IIS 7。
#1
7
First: not everything works in a <location> block.
首先:不是所有东西都在
I cannot find a positive statement that <system.webServer> isn't supported in a <location>, but I cannot find any cases where it is suggested that it is allowed. Evidence for this is in the (global) machine.config where the system.webserver section is defined to use the IgnoreSection handler: ie. it isn't processed by the standard System.Configuration implementation, and it is that standard implementation of config handling that provides support for <location>.
我找不到
Try adding a web.config into the Cms folder with the directoryBrowse element to confirm that browsing is blocked.
尝试添加一个网络。使用directoryBrowse元素配置到Cms文件夹中,以确认浏览被阻塞。
#2
4
Gibbok, nothing is wrong here, Don't panic :)
吉博克,这里没有什么问题,不要惊慌:)
Assuming that you are browsing your website from the built-in server inside Visual Studio, This is typically a normal case.
假设您正在从Visual Studio内的内置服务器上浏览您的网站,这通常是一个正常的情况。
I'm pretty sure that if you moved to IIS with the above code, Directory browsing will behave just like what you want it to be.
我非常确信,如果您使用上述代码迁移到IIS,目录浏览将会像您希望的那样运行。
Give it a try and host this website in IIS, and let us know what happened, Thanks.
请尝试并在IIS上建立这个网站,让我们知道发生了什么,谢谢。
#3
0
the <directoryBrowse> directive controls the listing of the directory via the http protocol only: http://msdn.microsoft.com/en-us/library/ms691327%28v=vs.90%29.aspx
It will not have any effect on code, trying to access the directory from within any other (or even your own) application.
它不会对代码产生任何影响,试图从任何其他(甚至是您自己的)应用程序中访问该目录。
@Edit: after the edit and if I get you right - I think, what you mean by Deny Directory Browser is the intended functionality: show the contents of the dir within a specified path using the browser. And yes, it probably will not work in the local development server. Try it on IIs!
@Edit:在编辑之后,如果我没弄错的话——我想,您说的Deny目录浏览器的意思是要实现的功能:使用浏览器在指定的路径中显示目录的内容。是的,它在本地开发服务器上可能不会工作。在IIs试试!
#4
0
I was trying the same code. What you have is in fact correct. Here is the reference.
我也在尝试同样的代码。你所拥有的事实上是正确的。这是参考。
Of course it wasn't working for me and I couldn't figure out why, until I read Richard's post and remembered that someone put a web.config file in that directory. That file overrides the behavior in the main web.config file. In the sub directory web.config the directoryBrowse option was explicitly turned on (as well as a LOT of other handlers, yikes!). Delete that file and what you have above works for me. It actually passes the request along to the next handler, which is exactly what I wanted.
当然这对我不起作用,我也不知道为什么,直到我读了理查德的文章,记起有人放了一个网络。该目录中的配置文件。该文件覆盖了主web中的行为。配置文件。在子目录web中。配置directoryBrowse选项被显式地打开(以及许多其他处理程序,哎呀!)删除那个文件,你上面的东西对我有用。它实际上将请求传递给下一个处理程序,这正是我想要的。
I'm using IIS 7 on my local machine.
我正在本地机器上使用IIS 7。