The
<requestFiltering> tag is located under the following location in the XML config file: /configuration/system.webServer/security/. There are 5 child tags of the requestFiltering tag:denyUrlSequences- Used to deny specific URI'sfileExtensions- Used to deny specific file extensions, or allow only a whitelist of file extensions.hiddenSegments- Used to hide URI sequencesrequestLimits- Used to limit the size of elements in the HTTP Request (query string, headers, url, content length, etc)verbs- Deny HTTP verbs (such as POST, TRACE, PUT, DELETE, etc)
<configuration>
<system.webServer>
<security>
<requestFiltering>
<!-- block /CFIDE -->
<denyUrlSequences>
<add sequence="/CFIDE"/>
</denyUrlSequences>
<!-- block all file extensions except cfm,js,css,html -->
<fileExtensions allowUnlisted="false" applyToWebDAV="true">
<add fileExtension=".cfm" allowed="true" />
<add fileExtension=".js" allowed="true" />
<add fileExtension=".css" allowed="true" />
<add fileExtension=".html" allowed="true" />
</fileExtensions>
<!-- hide configuration dir -->
<hiddenSegments applyToWebDAV="true">
<add segment="configuration" />
</hiddenSegments>
<!-- limit post size to 10mb, query string to 256 chars, url to 1024 chars -->
<requestLimits maxQueryString="256" maxUrl="1024" maxAllowedContentLength="102400000" />
<!-- only allow GET,POST verbs -->
<verbs allowUnlisted="false" applyToWebDAV="true">
<add verb="GET" allowed="true" />
<add verb="POST" allowed="true" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
</configuration>Taken from Freshers click here
No comments:
Post a Comment