2

I have gone through several forums (add files to the App_Data, write Handler), I have been looking for solutions, but so far without success. I use PHP in every main .htaccess directory, which prohibits direct access to the address and the files, but I do not know how to set this in the ASP.MVC 5 application written in C #.

In .htaccess I use this:

<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

Is there any option to allow only some directories to crawl directly (such as Content for CSS or Scripts for JS) in C# project or directly on IIS 10?

On my IIS I have disabled directory browsing, but for example, when I write url directly to my XML file (my XML DB) https//:web.test.com/Def/db.xml, I got this file with all data.

Jan Sršeň
  • 1,045
  • 3
  • 23
  • 46

1 Answers1

0

MySolution:

I simply set my folder by IIS 10 -> Site -> NameOfWebSite -> RequestFiltering -> Hidden Segments -> Add hidden segment

This action add to Web.config this block of code:

<system.webServer>        
    <security>
        <requestFiltering>
            <hiddenSegments>
                <add segment="Def" />
            </hiddenSegments>
        </requestFiltering>
    </security>
</system.webServer>
Jan Sršeň
  • 1,045
  • 3
  • 23
  • 46
  • That action in Web.config not allow load js files to execution or show images in web browser. – Ejrr1085 Jan 16 '21 at 22:17
  • In **ASP.NET MVC5 Project** is folder **Content** which is intended for Images, CSS, and also Javascript (Nuget Package manager also use this folder), folder **Def** is my special folder which I created for some additional definitions. I use this standard ASP.MVC template and Images and JavaScript works fine – Jan Sršeň Jan 17 '21 at 10:12