网站web.config和asp.net添加安全过滤
广告:
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".php" allowed="false" />
<add fileExtension=".asp" allowed="false" />
</fileExtensions>
<denyQueryStringSequences>
<add sequence="'" />
<add sequence=";--" />
<add sequence="union" />
<add sequence="or 1=1" />
<add sequence="drop table" />
<add sequence="xp_cmdshell" />
<add sequence="OR" />
<add sequence="AND" />
<add sequence="+" />
<add sequence="*" />
<add sequence="--" />
<add sequence="%20OR" />
<add sequence="%20AND" />
<add sequence="%2D" />
<add sequence="%2B" />
</denyQueryStringSequences>
<denyUrlSequences>
<add sequence="'" />
<add sequence=";--" />
<add sequence="union" />
<add sequence="or 1=1" />
<add sequence="drop table" />
<add sequence="xp_cmdshell" />
</denyUrlSequences>
<hiddenSegments>
<add segment="php" />
</hiddenSegments>
<filteringRules>
<filteringRule name="拦截路径内的php后缀" scanUrl="true" scanQueryString="false">
<denyStrings>
<add string="/.php" />
</denyStrings>
</filteringRule>
</filteringRules>
</requestFiltering>
</security>
</system.webServer>
广告:


