mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Improve IIS security
This commit is contained in:
parent
dca8e2ad52
commit
8d51eea66f
29
web.config
29
web.config
@ -1,11 +1,20 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<security>
|
||||
<requestFiltering>
|
||||
<hiddenSegments>
|
||||
<add segment="silverstripe_version" />
|
||||
</hiddenSegments>
|
||||
</requestFiltering>
|
||||
</security>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
<system.webServer>
|
||||
<rewrite>
|
||||
<rules>
|
||||
<rule name="Block Scripts" stopProcessing="true">
|
||||
<match url="([^\\/]+)\.(php|php3|php4|php5|phtml|inc)$" />
|
||||
<conditions trackAllCaptures="true">
|
||||
<add input="{REQUEST_FILENAME}" pattern="\b(main|rpc|tiny_mce_gzip)\.php$" negate="true" />
|
||||
</conditions>
|
||||
<action type="AbortRequest" />
|
||||
</rule>
|
||||
<rule name="Block Version" stopProcessing="true">
|
||||
<match url="\bsilverstripe_version$" />
|
||||
<action type="AbortRequest" />
|
||||
</rule>
|
||||
</rules>
|
||||
</rewrite>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
|
Loading…
Reference in New Issue
Block a user