Menu
I have a WebSite and I woud like Deny Directory Browser from a web.config file.
Here the code I'm using placed in the ROOT. Does not work. I'm testing it Locally so with URL LIKE http://localhost:3214/ I can still browser the directory fro CMS.
Thanks for your support!
<configuration> <location path="Cms"> <system.webServer> <directoryBrowse enabled="false" /> </system.webServer> </location> </configuration> Some resource:
http://blogs.iis.net/bills/archive/2008/03/24/how-to-enable-directory-browsing-with-iis7-web-config.aspx
http://www.expta.com/2008/03/configuring-virtual-directories-with.html
207
Directory browsing allows anyone to see all the files in a folder and their contents. To help secure your site, you'll want to use your hosting's file manager to edit the files. You should always backup your site before making any changes.
First: not everything works in a <location> block.
I cannot find a positive statement that <system.webServer> isn't supported in a <location>, but I cannot find any cases where it is suggested that it is allowed. Evidence for this is in the (global) machine.config where the system.webserver section is defined to use the IgnoreSection handler: ie. it isn't processed by the standard System.Configuration implementation, and it is that standard implementation of config handling that provides support for <location>.
Try adding a web.config into the Cms folder with the directoryBrowse element to confirm that browsing is blocked.
187
Gibbok, nothing is wrong here, Don't panic :)
Assuming that you are browsing your website from the built-in server inside Visual Studio, This is typically a normal case.
I'm pretty sure that if you moved to IIS with the above code, Directory browsing will behave just like what you want it to be.
Give it a try and host this website in IIS, and let us know what happened, Thanks.
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
