Urls/lpt1和/com1导致IIS呈现其自己的死亡屏幕 [英] Urls /lpt1 and /com1 cause IIS to render its own screen of death
问题描述
运行最近的SkipFish扫描时-我们发现,如果您调用/lptX或/comX(其中X是1-9的数字),则IIS(7.5)将返回以下内容.
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you ...[and so on]...
这与事实相反,我们在网站级别和Web服务器配置级别存在自定义[pretty]错误.
如果有一个,请立即在IIS框中尝试使用- http://localhost/lpt1 应该可以. /p>
我猜想这是LPT打印机和鼠标通过COM端口连接的好日子"的遗留物.但是,看到我无法配置的IIS和区域有些令人不安.
是否可以强制IIS为这些特殊" URL提供自定义404页面?
在ASP.NET 4.0之前,无法使用某些保留的文件名,例如con,lpt,aux等.网址:
这是ASP.NET的限制,而不是MVC.
然而,好消息是现在有可能:
如果您未使用ASP.NET 4.0,则应该能够使用IIS7自己的 <httpErrors> 配置设置.
When running a recent SkipFish scan - we found that IIS (7.5) returns the following if you call /lptX or /comX (where X is a number 1-9).
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you ...[and so on]...
This is dispite the fact that we have custom [pretty] errors at the site-level and at the web server config level.
Try it on your IIS box now if you have one - http://localhost/lpt1 should do it.
I'm guessing this is a legacy thing from 'the good ol days' of LPT printers and mice connecting via COM ports. But it is slightly unsettling to see and area of IIS that I can't config.
Is it possible to force IIS to serve a custom 404 page even for these 'special' URLs?
Until ASP.NET 4.0 it wasn't possible to use certain reserved filenames such as con, lpt, aux and so in on your urls:
This was a limitation of ASP.NET, not MVC.
However the good news is that it's now possible:
If you're not using ASP.NET 4.0, you should be able to catch these 404's using IIS7's own <httpErrors> configuration settings.
这篇关于Urls/lpt1和/com1导致IIS呈现其自己的死亡屏幕的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
