Disable script execution by default in App_data and data in iis7

This is a forum to suggest new features for mojoPortal. 

This thread is closed to new posts. You must sign in to post in the forums.
9/30/2010 12:41:27 PM
Magnetic_dud
Gravatar
Total Posts 251
View Posts

Disable script execution by default in App_data and data in iis7

I discovered that if IIS7 founds a web.config with this content:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <handlers accessPolicy="Read" />
    </system.webServer>
</configuration>
 

it will disable the script execution in that folder.

That could make new installations more secure.

9/30/2010 1:04:06 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Disable script execution by default in App_data and data in iis7

App_Data folder needs to be writable

Best,

Joe

9/30/2010 1:08:12 PM
Magnetic_dud
Gravatar
Total Posts 251
View Posts

Re: Disable script execution by default in App_data and data in iis7

app_data will continue to be writable

it's just removing the execute and script permissions as you wrote here http://www.mojoportal.com/securing-the-file-system.aspx

You must sign in to post in the forums. This thread is closed to new posts.