Menu
In IIS 7 I try to deny access to all files with the extension .xml for all users.
I tried the following setting in my web.config file:
<location path="*.xml">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
But then getting any file results in an internal server error.
It works if I deny access to the individual files but this solution does not buy me much as I do not know all .xml files in advance.
749
The <location> element typically contains a <system. web> element and other configuration elements exactly as you use them in the Web. config file. The path attribute of the <location> element specifies the virtual directory or the file name where the location configuration items apply.
string filePath = ConfigurationManager. AppSettings["Path"]. ToString();
Locate the web. config file in the root directory of your application (or create one if it does not already exist). Add an <appSettings> element. Add <add> child elements along with key / value pairs to the <appSettings> element as required.
The configuration files for IIS 7 and later are located in your %WinDir%\System32\Inetsrv\Config folder, and the primary configuration files are: ApplicationHost. config - This configuration file stores the settings for all your Web sites and applications. Administration.
Try this:
<configuration>
<system.web>
<httpHandlers>
<add path="*.xml" verb="*"
type="System.Web.HttpNotFoundHandler" />
</httpHandlers>
</system.web>
</configuration>
By the way you could alternatively store all of your xml files within the App_Data directory. Storing files of any type in this directory will not be served to the web.
100
Another way is to use a request filter:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".xml" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With