tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Improve IIS security

Browse Source
This commit is contained in:
Christopher Pitt 2015-05-06 13:35:04 +12:00
parent dca8e2ad52
commit 8d51eea66f
1 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
web.config
View File

@ -1,11 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration> <configuration>
<system.webServer> <system.webServer>
<security> <rewrite>
<requestFiltering> <rules>
<hiddenSegments> <rule name="Block Scripts" stopProcessing="true">
<add segment="silverstripe_version" /> <match url="([^\\/]+)\.(php|php3|php4|php5|phtml|inc)$" />
</hiddenSegments> <conditions trackAllCaptures="true">
</requestFiltering> <add input="{REQUEST_FILENAME}" pattern="\b(main|rpc|tiny_mce_gzip)\.php$" negate="true" />
</security> </conditions>
</system.webServer> <action type="AbortRequest" />
</configuration> </rule>
<rule name="Block Version" stopProcessing="true">
<match url="\bsilverstripe_version$" />
<action type="AbortRequest" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>