I've been using URLScan to deny verbs (HTTP methods) such as PUT, TRACE and so on. I remember we used to restrict URL requests by file extension before they reached the web server. These are all part of security practice, and they also help ensure that only the right requests are served by the web server.
Cool tip: if you want to prevent directory browsing, go to Run -> inetmgr -> select Request Filtering -> select the URL tab -> select Deny Sequence -> enter two dots (the period character).
To test this, try to access a website resource such as www.sample.com/images/demo.jpg
It will throw an error.
http://www.iis.net/configreference/system.webserver/security/requestfiltering
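
The same request filtering rules can be kept in the site's web.config instead of being set through IIS Manager. This is an added example, not configuration from the original post; the `.bak` extension is an assumed sample value, and the section must be unlocked for site-level configuration for IIS to accept it.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- Deny the HTTP methods named above; other verbs stay allowed.
             A denied verb is rejected with HTTP 404.6. -->
        <verbs allowUnlisted="true">
          <add verb="PUT" allowed="false" />
          <add verb="TRACE" allowed="false" />
        </verbs>

        <!-- Deny requests by file extension (.bak is an assumed example).
             A denied extension is rejected with HTTP 404.7. -->
        <fileExtensions allowUnlisted="true">
          <add fileExtension=".bak" allowed="false" />
        </fileExtensions>

        <!-- Equivalent of the Deny Sequence entry on the URL tab:
             any URL containing two consecutive dots is rejected
             with HTTP 404.5. -->
        <denyUrlSequences>
          <add sequence=".." />
        </denyUrlSequences>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

The substatus codes (404.5, 404.6, 404.7) appear in the IIS log's sc-substatus field, which shows which rule rejected a given request.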