This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Programming .Net/C # [IIS] ASP.NET Prohibit access to download rar and zip files
View: 34156|Reply: 0

[ASP.NET] [IIS] ASP.NET Prohibit access to download rar and zip files

[Copy link]
Posted on 2021-1-13 10:50:26 | | | |
I remember that on older versions of IIS, files in zip and rar format cannot be downloaded by default, and MIME settings need to be added to allow download access.

In the latest IIS 10 version, you can directly access the download rar and zip files, and every time you update the website, you may package the release package into a zip format and copy it to the server to unzip the update.

If the compressed update package is not deleted in time and is accessed and downloaded by others, it will lead to source code leakage, which will affect the security of the website.

How to disable access to download rar and zip files?

web.config is configured as follows:

Attempting to access a RAR file that already exists in the root directory of the website gives the following error:

Request URL: http://localhost:8086/itsvse.rar
Request Method: GET
Status Code: 403 Forbidden
Remote Address: [::1]:8086
Referrer Policy: strict-origin-when-cross-origin


As a result, we set the removal of static files in this format:



You can see the MIME type, there is no setting for rar and zip anymore.

(End)




Previous:.NET/C# to get the current application state (CPU, thread, GC)
Next:Entity Framework (EF) executes SQL statements and stored procedures

Related Posts
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com