The website ignores System.Web.HttpForbiddenHandler and allows the loading of web.config

Question

The website ignores System.Web.HttpForbiddenHandler and allows the loading of web.config

My website allows you to download the web.config file. However, in my file C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ CONFIG \ web.config I have this line

<add path="*.config" verb="*" type="System.Web.HttpForbiddenHandler" validate="true"/>

This means that any configuration file cannot be loaded.

What am I missing?

+3

web-config httphandler

Ben coffman Sep 08 '10 at 17:19

source share

1 answer

Ben coffman · Accepted Answer · 2010-09-11T22:05:45+0000

This is not a solution, but most of the work: I ended up setting the file to "hidden" on Windows and encrypted web.config ... just in case.

By setting it to hidden, the web server does not serve it, but it can still be used by asp.net to run it.

The website ignores System.Web.HttpForbiddenHandler and allows the loading of web.config

More articles: