Reputation: 115859
Disable IIS Request Filtering for certain paths
Is there any way I can have IIS 7.0+ (or 7.5+) configured such that for certain paths Request Filtering is completely disabled. That is,
http://host.local/foo/bar.cs
is forbidden (since serving *.cs files is explicitly forbidden in applicationHost.config), but
http://host.local/foo/allow-all/bar.cs
is allowed.
Upvotes: 4
Views: 5664
Answers (1)
Reputation: 141678
In your allow-all directory, you can create a web.config file with the following configuration:
<configuration>
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".cs" />
</fileExtensions>
</requestFiltering>
</security>
<staticContent>
<mimeMap fileExtension=".cs" mimeType="text/plain" />
</staticContent>
</system.webServer>
</configuration>
This configuration removes the .cs extension from the request filtering. Additionally, for IIS to properly serve content, it needs a MIME type, so the .cs extension is added as text/plain.
These changes will also apply to all child directories of allow-all. This configuration works with an Integrated App Pool. Classic may require additional changes since there are HTTP handlers that explicitly disallow .cs as well.
Upvotes: 5
Related Questions
- IIS7.5 web.config - How to match a path with query string?
- Block web access to a single subfolder using IIS?
- How to restrict a website to get access to a specific path through IIS?
- IIS Request Filtering Allow URL
- IIS URL Rewriting rule - exclude ALL files and a specific path
- IIS: Let pass only allowed requests
- IIS - block requests by URL pattern
- Bypass Path traversal Filter
- requestFiltering equivalent in IIS 6.0
- ASP.NET MVC "Potentially dangerous Request.Path" with valid URL