Should package.json be blocked by web server (IIS)

2018-06-14 19:09:58

If I try to access web.config server returns HTTP Error 404.8 - Not Found (The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.)

If I try to access packages.config server returns HTTP Error 404.7 - Not Found (The request filtering module is configured to deny the file extension.)

Now I get why those two are blocked/filtered. But I am not sure why package.json is not.

Could somebody explain the reason for it?

If it should be blocked how do I go about it, so it does not affect other .json files that do need be served by the Web Server (IIS)?

Just add it to web.config's hiddenSegments section:

<system.webServer>
<security>
  <requestFiltering>
    <hiddenSegments>
      <add segment="package.json" />
    </hiddenSegments>
  </requestFiltering>
</security>
</system.webServer>

More details about hiddenSegments available here

链接地址: http://www.djcxy.com/p/42070.html

上一篇: ASP.NET MVC 5：使用网站模板无尽地重定向到登录页面

下一篇: 如果package.json被web服务器（IIS）阻止