0

We've implemented successfully bundling and minification in our Web App. The following is a very small section of the BundleConfig class, we've included a lot of js files:

bundles.Add(new ScriptBundle("~/bundles/base_scripts").Include(
                    "~/scripts/jquery-1.9.1.min.js",
                    "~/scripts/jquery-migrate-1.4.1.js",
                    "~/scripts/chosen.jquery.js", ...)

However our security tool has reported a security issue when accessing to bundles/base_script virtual folder directly. Is there any option to disable the access to this folder from the web?

Basically the whole world can access to the following path and check all the JS files:

www.mywebapp/bundles/base_script

TommyGarcia
  • 119
  • 4

1 Answers1

0

There are two accounts that asp.net use. One is for the pool and one is for the iis to access the files.

  • The pool account needs to have access to that files so can read them
  • The iis account must not been able to reads them

So find the Public Access account name looking here :

and then REMOVE the read access for that account only from the directory that you need to have private

Similar answer : How to set correct file permissions for ASP.NET on IIS

Aristos
  • 66,005
  • 16
  • 114
  • 150
  • Thanks for your answer, however the bundles/base_script directory is virtual, it is not physically in the folder structure neither in the hidden folders. Looks like it is created in runtime. – TommyGarcia Aug 16 '21 at 12:45
  • @TommyGarcia this virtual directory is actually looking a real directory. Just find it out where its looks – Aristos Aug 19 '21 at 12:20