如何授予Windows Web服务器目录权限？

发布于 2025-01-05 15:18:23 字数 783 浏览 1 评论 0原文

我有一个 Windows Web 服务器，我正在使用 xml 作为 web.config 我目前将 .exe、.bin 和 .dll 的扩展权限设置为 false，

但我创建了一个名为“thing”的目录，其中包含 .exe 和我想在该目录中写入 xml 权限，以便我从中下载 .exe 文件，

 <?xml version="1.0" encoding="utf-8" ?>
 <configuration>
     <system.webServer>
         <security>
             <requestFiltering>
                 <fileExtensions>
                     <add fileExtension=".dll" allowed="false" />
                     <add fileExtension=".exe" allowed="false" />
                     <add fileExtension=".bin" allowed="false" />
                 </fileExtensions>
             </requestFiltering>
         </security>
     </system.webServer>
 </configuration>

请帮忙？

原文

I have a windows web server and i am using xml for the web.config i currently have extensions permissions set to false for .exe, .bin, and .dll

but i made a directory called "thing" with a .exe in it and i want to write in xml permissions for that directory that lets me download .exe files from it

 <?xml version="1.0" encoding="utf-8" ?>
 <configuration>
     <system.webServer>
         <security>
             <requestFiltering>
                 <fileExtensions>
                     <add fileExtension=".dll" allowed="false" />
                     <add fileExtension=".exe" allowed="false" />
                     <add fileExtension=".bin" allowed="false" />
                 </fileExtensions>
             </requestFiltering>
         </security>
     </system.webServer>
 </configuration>

help please?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

○闲身 2025-01-12 15:18:23

从 IIS7 文档中，您可以在 < code>控制 URL 访问：

- 此元素可以包含 IIS 7 将拒绝的 URL 序列模式的集合；例如：您可以拒绝攻击者可能尝试利用的部分 URL 序列。
- 此元素可以包含 IIS 7 将拒绝或允许的文件扩展名的集合；例如：您可以阻止对 Web.config 文件的所有请求。`
- 该元素可以包含无法浏览的 URL 集合；例如：您可以拒绝对 ASP.NET App_Code 文件夹的请求。

例如：

<requestFiltering>
    <!-- deny access to any URL which contains /private -->
    <denyUrlSequences>
       <add sequence="/private"/>
    </denyUrlSequences>
    <!-- block all file extensions except js,css,html -->
    <fileExtensions allowUnlisted="false">
       <add fileExtension=".js" allowed="true" />
       <add fileExtension=".css" allowed="true" />
       <add fileExtension=".html" allowed="true" />
    </fileExtensions>
    <!-- hide config and bin dir -->
    <hiddenSegments>
       <add segment="config" />
       <add segment="bin" />
    </hiddenSegments>
</requestFiltering>

您可以隐藏某些 URL 或阻止某些文件扩展名，但是，据我所知，仅更改 IIS 配置无法通过文件夹微调特定文件扩展名的可访问性。如果这是您想要的，您可能需要编写一些服务器端代码。

From the IIS7 documentation, there are 3 tags that you can use within <requestFiltering> to control URL access:

<denyUrlSequences> - This element can contain a collection of URL sequence patterns that IIS 7 will deny; for example: you can deny parts of URL sequences that an attacker might try to exploit.
<fileExtensions> - This element can contain a collection of file name extensions that IIS 7 will either deny or allow; for example: you can block all requests for Web.config files.`
<hiddenSegments> - This element can contain a collection of URLs that cannot be browsed; for example: you can deny requests for the ASP.NET App_Code folder.

For example:

<requestFiltering>
    <!-- deny access to any URL which contains /private -->
    <denyUrlSequences>
       <add sequence="/private"/>
    </denyUrlSequences>
    <!-- block all file extensions except js,css,html -->
    <fileExtensions allowUnlisted="false">
       <add fileExtension=".js" allowed="true" />
       <add fileExtension=".css" allowed="true" />
       <add fileExtension=".html" allowed="true" />
    </fileExtensions>
    <!-- hide config and bin dir -->
    <hiddenSegments>
       <add segment="config" />
       <add segment="bin" />
    </hiddenSegments>
</requestFiltering>

You can hide some URLs or block some file extensions, but, as far as I can think, it is not possible to fine-tune the accessibility of specific file extensions by folder just changing the IIS configuration. If this is what you want, you'll probably need to write some server-side code.

回复收藏 0 原文

~没有更多了~