Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

Version 1 Current »

Prevent directory traversal

Make sure that the short file name is not allowed on the server. This is achieved by editing the registry.

  1. Search regedit in windows server

  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

  3. Find key NtfsDisable8dot3NameCreation

  4. Double click to set the value to 1

This will prohibit hackers to do directory traversal with short file name.

Set IIS URL filtering

Set up IIS to filter URLs on forbidden characters.

  1. Open IIS- Double click request filtering.

  2. Add deny sequence (eg. tilde, backslash etc) for the url

IIS error pages not to display error information

  1. Go to the error pages - double click

  2. For the error code click edit feature code and then check custom error pages instead of detail error page and select the custom error page location.

  • No labels