I have a NancyFx application where I've setup an Virtual Directory under the path /photos. However, when I browse to it I get a 404. I have made sure permissions etc.. are correct so I'm wondering if it is something to do with NancyFx hijacking the request and looking for a route defined under my /photos path?
The easiest way would be to tell IIS to not use Nancy in the /photo directory. You can do this by adding the location in your web.config like so:
<location path="photo">
<system.webServer>
<handlers>
<remove name="Nancy"/>
</handlers>
</system.webServer>
</location>
Documentation can be found here:
https://github.com/NancyFx/Nancy/wiki/Managing-static-content#letting-iis-handle-static-content
Related
My ASP.Net application contains a subdirectory foo which should not be accessed using http. I thought the easiest solution was to place the web.config below in the subdirectory foo.
<configuration>
<system.web>
<httpRuntime enable="false"/>
</system.web>
</configuration>
But it does not work. For example, http://myapp/foo/test.html is not rejected by the server.
You can try to add this within your web.config :
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="directoryYouWantToProtect"/>
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
I tested it and it seems to work fine, when I try to list the directory or access a file directly I have a 404.8 HTTP Error (The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section)
I like to secure all aspx files in a folder ~/Secure/ secure such that specific IP addresses can access the folder's aspx files. I added the following web.config file to the folder, hoping that it adds to the parent web.config:
<configuration>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</configuration>
The problem is that I get this error when I try to access to any of the aspx pages in the folder:
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
What does it take to make this idea happen? I like to just include one web.config file to a folder and that enforces the IP address authorization. I like this idea, since it is no-code and config only.
You cannot do it in the website web.config only.
If you can use IIS manager:
Open IIS Manager, locate the site, click on the folder you want to protect, then click on IP address and Domain Restrinctions.
Also click on "Edit feature settings" in the right Actions panel" to specify actions for unspecified clients (i.e. Deny with Forbidden, or simply Deny With Not Found).
This will generate the right configuration for you.
In your root web.config use the location element:-
<location path="Secure">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</location>
My application has this structure
MyApplication
-Themes
In my application's webconfig I remove the UrlAuthorization module and add my own:
<modules runAllManagedModulesForAllRequests="true">
<remove name="UrlAuthorization" />
<add name="MyModule" type="MyType, MyNamespace" preCondition="managedHandler" />
</modules>
My Theme folder has this webconfig (this is the complete webconfig):
<?xml version="1.0"?>
<configuration>
<system.web>
<pages styleSheetTheme="" validateRequest="false" />
</system.web>
</configuration>
I have this deployed in 3 environments. 2 of them works correctly but in one of them I have the UrlAuthorization module working when I make a request do a file inside the Theme folder.
I know that the UrlAuthorization is active because I do not get the resource I requested, but an URL /ReturnURl/... path
The < remove> tag is working because removing it causes the whole request to be redirect to the /ReturnUrl
Is there any reason that may cause this behavior to happen only in this machine?
I deployed all of them and I do not remember making and different task on any of them
thanks!
FYI, it was an issue due to the folders permissions in the file system. I made the environments identical and it worked.
I have a project with a HttpHandler that's supposed to execute when an extensionless url like this localhost/foo/bar is requested. I got this properly working on a local Visual Studio development server (by using <httpHandlers> in <system.web> instead of <system.webServer><handlers>) but this functionality doesn't work when deployed to IIS 7.5 (Standard 404 error: http://i.imgur.com/YuNjT.jpg). This issue is not restricted to extensionless URLs (I might add any extension at the end and the issue remains) but my desired functionality is to use extensionless url in this scenario. I googled some information that extensionless URLs may cause some issues that's why I mention it here. The AppPool is set to Integrated. I did aspnet_regiis.exe -i. I have Http Redirection feature installed on the IIS server. Here's my handlers config:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<add name="FileDownloadHandler" path="/Home/Files/*" verb="*" type="MvcApplication1.FileDownloadHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
</handlers>
<directoryBrowse enabled="true" />
</system.webServer>
And here's my routing setup:
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.IgnoreRoute("home/files/{*pathInfo}");
routes.MapRoute(
"Default",
"{controller}/{action}/{id}",
new { controller = "Home", action = "Index", id = UrlParameter.Optional }
);
I'm guessing the code is fine but something's off with my IIS configuration. Can anyone guide me in the right direction? I've googled for days now and I couldn't find a solution that helped me. Here's a sample project (works on local VS dev server but not on my IIS):
http://mapman.pl/MvcApplication1.zip
When you build (and deploy to your local IIS) the above solution try requesting an url like this: http://localhost/MvcApplication1/Home/Files/foobar
Thanks in advance,
Bartek
In your web.config replace:
path="/Home/Files/*"
with:
path="Home/Files/*"
The reason for that is because when you host your application in IIS, there's a virtual directory name and the correct path is /MvcApplication1/Home/Files/* instead of /Home/Files/*. This problem is easily solved by using a relative urls in your path attribute.
My WebSite runs fine on iis6, as you can see here: http://93.115.250.xxx/
I recently tried to migrate it to iis7, and after a lot of hussle I now can see the starting page, but all urls rewritten through mappageroute give a 404 as you can see here: 94.75.xxx.xxx
Any ideas as to why iis7 is trying to access a physical file and ignores the pageroute?
I am currently programming in a mixed environment. My alpha server is Server2008, beta and production are still 2003. You need to modify the config file to have system.webServer node with the following entry:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
I am not sure if this is applicable in your instance, but my application required log-in accept for publicly available image files available from a re-written directory. Don't forget to add an except to where the route is mapped:
<location path="{target path}">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>