We strive to use URLs without continuing for the first time in our organization. We asked our sys administrators to add wildcard matching in IIS6 so that all requests are handled through asp.net. They push back, citing security concerns. I don’t have enough information about potential wildcard matching security issues to find out what kind of security issues it can or cannot create. Any feedback would be appreciated.
Basically, adding a wildcard mapping in IIS6, then ALL requests will be processed through the .net infrastructure. I'm not sure about security issues, but I know that a lack of performance has never been verified
see link text
The big problem, I suspect, is that most types of administrators are afraid of what they don’t understand. They are IIS grok, but the entire ASP.NET pipeline is a stranger. Ask them to document their problems, then you can shoot them down one by one.
, , ( ).
, .NET, IIS. , , .
, , , , - .NET, . .NET . HttpModule web.config, , ( , ).
- , , - .
, , .exe, , IIS ISAPI.
If you have .exe, bat, or other executable files anywhere in the IIS path, any user can execute them.
If you carefully configure IIS sites and virtual directories to not contain anything that could be used maliciously, then you should be fine.
Source: https://habr.com/ru/post/1713460/More articles:WPF Добавление всплывающей подсказки на дорожку слайдера - wpfASP.net - Query-String Caching (VaryByParam) - query-stringArc based gradient - c #How to filter deployed code when exporting EAR from eclipse? - eclipseProgrammatically determine the maximum length of a file name - linuxWhy does the child control of the child update panel update both the parent and the child, if each of them is set to conditional? - ajaxHow to include external libraries in an open source project? - c #How to get height of horizontal scrollbar in ListView - c #Returning other objects to init - initializationEffectively record and store pageviews in a database? - designAll Articles