Improve IIS security

This commit is contained in:
Christopher Pitt 2015-05-06 13:35:04 +12:00
parent dca8e2ad52
commit 8d51eea66f

View File

@ -1,11 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration> <configuration>
<system.webServer> <system.webServer>
<security> <rewrite>
<requestFiltering> <rules>
<hiddenSegments> <rule name="Block Scripts" stopProcessing="true">
<add segment="silverstripe_version" /> <match url="([^\\/]+)\.(php|php3|php4|php5|phtml|inc)$" />
</hiddenSegments> <conditions trackAllCaptures="true">
</requestFiltering> <add input="{REQUEST_FILENAME}" pattern="\b(main|rpc|tiny_mce_gzip)\.php$" negate="true" />
</security> </conditions>
</system.webServer> <action type="AbortRequest" />
</rule>
<rule name="Block Version" stopProcessing="true">
<match url="\bsilverstripe_version$" />
<action type="AbortRequest" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration> </configuration>