Prevent directory traversal

Make sure that short file names are not allowed on the server. This is achieved by editing the registry.

  1. Search for regedit in Windows Server

...

  1. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

  2. Find key NtfsDisable8dot3NameCreation

...

  1. Double-click it and set the value to 1

...

This will prevent hackers from doing directory traversal with short file names. Then take the following steps:

Set IIS URL filtering

Set up IIS to filter URLs on forbidden characters.

  1. Open IIS and double-click Request Filtering.


...

  1. Add a deny sequence (e.g.

...

  1. tilde, backslash, etc.) for the URL

...

...

Configure IIS error pages not to display error information

  1. Go to Error Pages and double-click it


...

  1. For the error code, click edit feature code, then check custom error pages instead of detailed error pages, and select the custom error page location.

...
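The three settings above can also be applied and checked from an elevated PowerShell prompt. This is an added example, not a script from the original page; it assumes the IIS WebAdministration module is installed, applies the IIS settings at server level, checks volume C: only, and uses tilde and backslash as the deny sequences.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the registry and IIS settings described above.
# Assumptions: server-level IIS scope, volume C:, deny list of '~' and '\'.
Import-Module WebAdministration

# 1. Disable 8.3 short-name creation (value 1, as in the registry steps).
$fsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$name  = 'NtfsDisable8dot3NameCreation'
$current = (Get-ItemProperty -Path $fsKey -Name $name).$name
if ($current -ne 1) {
    Set-ItemProperty -Path $fsKey -Name $name -Value 1 -Type DWord
    Write-Output "$name changed from $current to 1"
} else {
    Write-Output "$name is already 1"
}

# The registry value only stops NEW short names from being created.
# Files that existed before the change keep their 8.3 names, so report
# the volume state to see whether any cleanup is still needed.
fsutil 8dot3name query C:

# 2. Request filtering: add each deny sequence unless it is already present.
$scope  = 'MACHINE/WEBROOT/APPHOST'
$filter = 'system.webServer/security/requestFiltering/denyUrlSequences'
$deny   = @('~', '\')
$existing = @(Get-WebConfiguration -PSPath $scope -Filter "$filter/add" |
              ForEach-Object { $_.sequence })
foreach ($seq in $deny) {
    if ($existing -notcontains $seq) {
        Add-WebConfigurationProperty -PSPath $scope -Filter $filter `
            -Name '.' -Value @{ sequence = $seq }
        Write-Output "Added deny sequence '$seq'"
    } else {
        Write-Output "Deny sequence '$seq' already configured"
    }
}

# 3. Error pages: always serve custom pages, never detailed errors.
$errFilter = 'system.webServer/httpErrors'
Set-WebConfigurationProperty -PSPath $scope -Filter $errFilter `
    -Name 'errorMode' -Value 'Custom'
Get-WebConfigurationProperty -PSPath $scope -Filter $errFilter -Name 'errorMode'
```

Short names that already exist on a volume can be removed with `fsutil 8dot3name strip`; review its output first, since registry entries that reference a short path will stop resolving.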