URL /lpt1 和 /com1 导致 IIS 呈现自己的死屏
在运行最近的 SkipFish 扫描时,我们发现如果您调用 /lptX 或 /comX(其中 X 是数字 1-9),IIS (7.5) 将返回以下内容。
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you ...[and so on]...
尽管事实上我们在站点级别和 Web 服务器配置级别都有自定义的[漂亮]错误。
如果您有 IIS 机器,请立即在 IIS 机器上尝试一下 - http://localhost/lpt1 应该可以做到。
我猜这是 LPT 打印机和通过 COM 端口连接的鼠标的“美好时光”遗留下来的东西。但看到 IIS 的某些区域我无法配置,这有点令人不安。
是否可以强制 IIS 为这些“特殊”URL 提供自定义 404 页面?
When running a recent SkipFish scan - we found that IIS (7.5) returns the following if you call /lptX or /comX (where X is a number 1-9).
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you ...[and so on]...
This is dispite the fact that we have custom [pretty] errors at the site-level and at the web server config level.
Try it on your IIS box now if you have one - http://localhost/lpt1 should do it.
I'm guessing this is a legacy thing from 'the good ol days' of LPT printers and mice connecting via COM ports. But it is slightly unsettling to see and area of IIS that I can't config.
Is it possible to force IIS to serve a custom 404 page even for these 'special' URLs?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在 ASP.NET 4.0 之前,无法在 URL 中使用某些保留文件名,例如
con、lpt、aux等:这是一个限制ASP.NET,而不是 MVC。
然而好消息是现在这是可能的:
如果您没有使用 ASP.NET 4.0,您应该能够使用 IIS7 自己的
Until ASP.NET 4.0 it wasn't possible to use certain reserved filenames such as
con,lpt,auxand so in on your urls:This was a limitation of ASP.NET, not MVC.
However the good news is that it's now possible:
If you're not using ASP.NET 4.0, you should be able to catch these 404's using IIS7's own
<httpErrors>configuration settings.使用 ASP .NET 3.5,您可以使用 url 重写模块的 url 重写规则将 url 更改为有效的 url。
url重写模块是:
类似的内容:
With ASP .NET 3.5 you can use an url rewrite rule of the url rewrite module in order to change the url to a valid one.
The url rewite module is:
Something like: