Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Securing Elmah RSS Feeds in ASP.NET website

I followed the answer to this question Securing Elmah in ASP.NET website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?

like image 624
danludwig Avatar asked Mar 30 '10 06:03

danludwig


1 Answers

I secure mine in the web.config with a role:

<location path="elmah.axd">
    <system.web>
        <authorization>
            <allow roles="SUPER_DUPER_ADMIN"/> 
            <deny users="*"/> 
        </authorization>
    </system.web>
</location>
like image 112
rick schott Avatar answered Oct 08 '22 14:10

rick schott