联系我们
新闻建站cms系统、政府cms系统定制开发

广州网站建设公司-阅速公司

asp.net新闻发布系统、报纸数字报系统方案
/
http://www.ysneo.com/
广州网站建设公司
您当前位置:首页>网站技术

新闻动态

网站技术

asp.net网站在web.config添加防注入代码

发布时间:2015/2/2 14:54:01  作者:Admin  阅读:496  

广告:阿里云采购优惠专区

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

<system.webServer>

<defaultDocument>

<files>

<remove value="index.htm" />

<remove value="index.html" />

<remove value="Default.htm" />

<remove value="Default.asp" />

<remove value="iisstart.htm" />

<add value="index.html" />

<add value="index.asp" />

</files>

</defaultDocument>

<security>

<requestFiltering>

<denyQueryStringSequences>

<add sequence="'" />

<add sequence="select" />

<add sequence="insert" />

<add sequence="union" />

<add sequence="load_file" />

<add sequence="outfile" />

<add sequence="into" />

<add sequence=";" />

<add sequence="0x27" />

<add sequence="%3b" />

<add sequence="exec" />

<add sequence="--" />

<add sequence="%20" />

<add sequence="%" />

<add sequence="or" />

<add sequence="exists" />

<add sequence="eval" />

<add sequence=")" />

</denyQueryStringSequences>

<fileExtensions>

<add fileExtension=".exe" allowed="false" />

<add fileExtension=".cmd" allowed="false" />

<add fileExtension=".com" allowed="false" />

<add fileExtension=".bat" allowed="false" />

</fileExtensions>

<filteringRules>

<filteringRule name="deny_sql_injetction" scanUrl="true" scanQueryString="false">

<scanHeaders>

<clear />

<add requestHeader="http" />

</scanHeaders>

<appliesTo>

<clear />

<add fileExtension=".asp" />

<add fileExtension=".aspx" />

<add fileExtension=".js" />

<add fileExtension=".xml" />

<add fileExtension=".html" />

</appliesTo>

<denyStrings>

<clear />

<add string="%3b" />

<add string="exec" />

<add string="select" />

<add string="delete" />

<add string="union" />

<add string="--" />

<add string="@" />

<add string="alter" />

<add string="begin" />

<add string="cast" />

<add string="convert" />

<add string="drop" />

<add string="end" />

<add string="insert" />

<add string="kill" />

<add string="sys" />

<add string="update" />

<add string="%20" />

<add string="&amp;quot;" />

<add string="&lt;" />

<add string=">" />

<add string="&amp;lt;" />

<add string="&amp;gt;" />

</denyStrings>

</filteringRule>

</filteringRules>

</requestFiltering>

</security>

</system.webServer>

</configuration>

广告:阿里云新人采购专场

分享到: QQ空间 微信 新浪微博
相关文章
security
web.config
cms新闻系统购买咨询
扫描关注 广州阅速软件科技有限公司
扫描关注 广州阅速科技