How to enable/disable web directory indexing in IIS 7? I am not able to find web.config file. But I can find applicationHand.config file where I saw this line: <directoryBrowse enabled="true" />
I created web.config file in the same folder and added the following. It's not working.
<configuration>
<location path="Secured">
<system.webServer>
<directoryBrowse enabled="true" />
</system.webServer>
</location>
</configuration>
One more question I have is, is by default web directory indexing is disabled in IIS and Apache2 ?
Related
We have a domain (domain.com) that has an alias (alias.com). We are using Plesk and a Windows Server. In Plesk, alias.com is setup as an alias for domain.com.
We need that when people access to alias.com it goes to a certain page within the main domain, for example domain.com/this-page.html.
The web site is an ASP.NET MVC web site, in case we can do something using the web.config.
Is this possible? How can we do this?
Open web.config in the directory where the old pages reside
Then add code for the old location path and new destination as follows:
<configuration>
<location path="services.htm">
<system.webServer>
<httpRedirect enabled="true" destination="http://example.com/services" httpResponseStatus="Permanent" />
</system.webServer>
</location>
<location path="products.htm">
<system.webServer>
<httpRedirect enabled="true" destination="http://example.com/products" httpResponseStatus="Permanent" />
</system.webServer>
</location>
</configuration>
My ASP.Net application contains a subdirectory foo which should not be accessed using http. I thought the easiest solution was to place the web.config below in the subdirectory foo.
<configuration>
<system.web>
<httpRuntime enable="false"/>
</system.web>
</configuration>
But it does not work. For example, http://myapp/foo/test.html is not rejected by the server.
You can try to add this within your web.config :
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="directoryYouWantToProtect"/>
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
I tested it and it seems to work fine, when I try to list the directory or access a file directly I have a 404.8 HTTP Error (The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section)
My application has this structure
MyApplication
-Themes
In my application's webconfig I remove the UrlAuthorization module and add my own:
<modules runAllManagedModulesForAllRequests="true">
<remove name="UrlAuthorization" />
<add name="MyModule" type="MyType, MyNamespace" preCondition="managedHandler" />
</modules>
My Theme folder has this webconfig (this is the complete webconfig):
<?xml version="1.0"?>
<configuration>
<system.web>
<pages styleSheetTheme="" validateRequest="false" />
</system.web>
</configuration>
I have this deployed in 3 environments. 2 of them works correctly but in one of them I have the UrlAuthorization module working when I make a request do a file inside the Theme folder.
I know that the UrlAuthorization is active because I do not get the resource I requested, but an URL /ReturnURl/... path
The < remove> tag is working because removing it causes the whole request to be redirect to the /ReturnUrl
Is there any reason that may cause this behavior to happen only in this machine?
I deployed all of them and I do not remember making and different task on any of them
thanks!
FYI, it was an issue due to the folders permissions in the file system. I made the environments identical and it worked.
I have a site developed in ASP.NET which is hosted.Now in my site there is folder known as "upload" in which some .rar files are saved for private use.When I directly type the url, the file gets downloaded.
Say suppose the file is at "http://www.mathew.com/uploads/mine.rar",if i type the url in the browser and hit enter,it downloads the file even though directory listing is not there.
I want to restrict this..How can I achieve it.
Thanks,
Mathew
You can restrict that by authorization. Put a web.config file in this folder with:
<configuration>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
EDIT :
This won't work since rar files are not handled by asp.net, so in addition you need to add a handler for asp.net treat rar files like aspx files:
For classic mode:
<system.web>
<httpHandlers>
<add verb="*" path="*.rar" type="System.Web.UI.PageHandlerFactory" />
</httpHandlers>
</system.web>
For integrated mode (default for iis 7.5 and VS 2012)
<system.webServer>
<handlers>
<add name="rar" path="*.rar" verb="*" type="System.Web.UI.PageHandlerFactory"/>
</handlers>
</system.webServer>
I have an IIS website running an ASP.NET site but it has multiple applications running under it (a virtual directory with separate app pools basically).
Well - I need two separate applications which point to the same root folder director but I want the apps to have separate default documents. The reason is because this is how it is configured in production and this is on my development box.
The problem is that IIS keeps giving me the SAME default document for both apps (which are separate virtual paths and separate app pools just same physical location). How can I overcome this or can I not in IIS7?
I am going to be re-writing the whole thing and it will not be done this way in the furture...but until then I need to fix some bugs and want a local dev environment. Help!
In order to accomplish this and preserve the setup implemented in our sites I needed to add a location tag around the System.WebServer element in the root site web.config and specify the default document in there as follows where the path is the VirtualDirectory/Application name:
<location path="VirtualDirectoryName">
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="Document.asp" />
</files>
</defaultDocument>
</system.webServer>
</location>
<location path="VirtualDirectoryName2">
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="AnotherDocument.asp" />
</files>
</defaultDocument>
</system.webServer>
</location>