问题描述
我想限制我的网络应用程序,以便无法下载/显示 .txt 文件.这是我可以在我的 web.config 文件中设置的吗?
I want to restrict my web app so that .txt files can not be downloaded/shown. Is this something I can set up in my web.config file?
我在我的配置文件中试过这个:
I tried this in my config file:
<system.web>
<httpHandlers>
<add verb="*" path="*.txt" type="System.Web.HttpForbiddenHandler" />
</httpHandlers>
</system.web>
...但它没有效果.我正在使用 IIS7 并且应用程序是 .NET3.5,这可能与它有关吗?我知道这实际上适用于 .NET 1.0 1.1 和 2.0.
...but it had no effect. I am using IIS7 and application is .NET3.5, could this have something to do with it? I know this would actually work for .NEt 1.0 1.1 and 2.0.
我在文档中注意到(添加 httpHandlers),要求部分:
I noticed in the documentation for this (add httpHandlers), the Requirements section:
Microsoft Internet 信息服务 (IIS) 版本 5.0、5.1 或 6.0
.NET Framework 版本 1.0、1.1 或 2.0
Microsoft Visual Studio 2003 或 Visual Studio 2005
Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0
The .NET Framework version 1.0, 1.1, or 2.0
Microsoft Visual Studio 2003 or Visual Studio 2005
...表示 .NET 3 和 IIS7 不支持此功能...
...which indicates that this is not supported in .NET 3 and IIS7...
这是在 IIS7 中哪里指定的?
Where is this specified in IIS7?
推荐答案
看看这篇微软支持文章了解如何实现这一点:如何:使用 ASP.NET 保护文件类型.
Take a look at this MS Support article on how to achieve this: HOW TO: Use ASP.NET to Protect File Types.
它涉及设置 IIS 以将这些请求转发到 ASP.NET,然后设置您的 web.config 以阻止所需的文件类型,例如:(nb 这适用于您的开发机器和 IIS7 之前 - 请务必查看下面)
It involves setting up IIS to forward those requests to ASP.NET and then setting up your web.config to block the desired file types, such as: (nb this works for your dev machine and before IIS7 - be sure to see below)
<system.web>
<httpHandlers>
<add verb="*" path="*.ini" type="System.Web.HttpForbiddenHandler" />
</httpHandlers>
</system.web>
根据 httpHandlers 元素页面,从 .NET 2.0 开始默认禁止以下扩展名(.ini 不是其中之一):
According to the httpHandlers Element page, the following extensions are forbidden by default as of .NET 2.0 (.ini is not one of them):
*.asax、*.ascx、*.master、*.skin、*.browser、*.sitemap、*.config、*.cs、*.csproj、*.vb、*.vbproj、*.webinfo, *.licx, *.resx, *.resources, *.mdb, *.vjsproj, *.java, *.jsl, *.ldb, *.dsdgm, *.ssdgm, *.lsad, *.ssmap, *.cd、*.dsprototype、*.lsaprototype、*.sdm、*.sdmDocument、*.mdf、*.ldf
*.asax, *.ascx, *.master, *.skin, *.browser, *.sitemap, *.config, *.cs, *.csproj, *.vb, *.vbproj, *.webinfo, *.licx, *.resx, *.resources, *.mdb, *.vjsproj, *.java, *.jsl, *.ldb, *.dsdgm, *.ssdgm, *.lsad, *.ssmap, *.cd, *.dsprototype, *.lsaprototype, *.sdm, *.sdmDocument, *.mdf, *.ldf
这适用于 IIS 7.0 之前的 IIS 版本.IIS 7.0 添加了一个额外的操作模式,称为集成模式(ASP.NET 的默认设置),它要求将处理程序放置在
而不是 <system.web>/<httpHandlers>
.我在此页面上添加了一些更多信息和指向@awe 答案的链接,请查看以获取更多详细信息.
this applies to IIS versions prior to IIS 7.0. IIS 7.0 adds an additional operating mode, called Integrated Mode (default for ASP.NET), which requires handlers to be placed in <system.webServer>/<handlers>
instead of <system.web>/<httpHandlers>
. I added some more info and links to @awe's answer on this page, check it out for more details.
重要!适用于 IIS 7.0 或更高版本
根据编辑中的规定,您需要将 <add>
元素放在不同的位置并且规则也需要名称 - 如果您没有指定名称重启时会出现 500 内部错误
As specified in the edit you need to place the <add>
element in a different place and the rule needs a name too - if you dont specify a name you will get a 500 Internal Error when restarting
<system.webServer>
<handlers>
<add name="IgnoreIni" verb="*" path="*.ini" type="System.Web.HttpForbiddenHandler" />
</handlers>
</system.webServer>
这篇关于如何限制指定文件类型的下载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!