如何限制指定的文件类型的下载 [英] How to restrict download of specified file types

问题描述

我想限制使.txt文件不能下载/显示我的web应用程序。
这是不是我可以在我的web.config文件中设置？

I want to restrict my web app so that .txt files can not be downloaded/shown. Is this something I can set up in my web.config file?

我在配置文件中尝试这样做：

I tried this in my config file:

<system.web>
    <httpHandlers>
        <add verb="*" path="*.txt" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
</system.web>

...但它没有任何效果。我使用的IIS7和应用是.NET3.5，可能这有什么关系呢？我知道，这实际上对于.NET 1.0 1.1和2.0工作。

...but it had no effect. I am using IIS7 and application is .NET3.5, could this have something to do with it? I know this would actually work for .NEt 1.0 1.1 and 2.0.

我为这个文档中发现（添加HttpHandlers的），在要求部分：

I noticed in the documentation for this (add httpHandlers), the Requirements section:

Microsoft Internet信息服务（IIS）5.0版，5.1或6.0结果
  在.NET Framework 1.0版，1.1或2.0结果
  微软的Visual Studio 2003或Visual Studio 2005

Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0
The .NET Framework version 1.0, 1.1, or 2.0
Microsoft Visual Studio 2003 or Visual Studio 2005

...这表明这不是在.NET支持3和IIS7 ...

...which indicates that this is not supported in .NET 3 and IIS7...

哪里是这IIS7规定？

Where is this specified in IIS7?

推荐答案

就如何实现这一目标此MS支持文章请看：的如何：使用ASP.NET来保护文件类型

Take a look at this MS Support article on how to achieve this: HOW TO: Use ASP.NET to Protect File Types.

它必须设置IIS转发这些请求到ASP.NET，然后设置你的web.config阻止的文件类型，如：（注意这适用于您的开发计算机和IIS7前 - 一定要看清如下图）

It involves setting up IIS to forward those requests to ASP.NET and then setting up your web.config to block the desired file types, such as: (nb this works for your dev machine and before IIS7 - be sure to see below)

<system.web>
    <httpHandlers>
        <add verb="*" path="*.ini" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
</system.web>

按照 HttpHandlers的元素页，以下扩展名默认情况下，禁止为.NET 2.0（.INI是不是其中之一）：

According to the httpHandlers Element page, the following extensions are forbidden by default as of .NET 2.0 (.ini is not one of them):

*。ASAX，*的.ascx，*的.master，*。皮肤，* .browser，* .sitemap，* .config文件，*的.cs，* .csproj的，*的.vb，* .vbproj，* .webinfo * .licx，*的.resx，*的.resources，* .MDB，* .vjsproj，*的.java，* .jsl，* .LDB，* .dsdgm，* .ssdgm，* .lsad，* .ssmap，* .CD，* .dsprototype，* .lsaprototype，* .sdm，* .sdmDocument，*密度纤维板，* .LDF

*.asax, *.ascx, *.master, *.skin, *.browser, *.sitemap, *.config, *.cs, *.csproj, *.vb, *.vbproj, *.webinfo, *.licx, *.resx, *.resources, *.mdb, *.vjsproj, *.java, *.jsl, *.ldb, *.dsdgm, *.ssdgm, *.lsad, *.ssmap, *.cd, *.dsprototype, *.lsaprototype, *.sdm, *.sdmDocument, *.mdf, *.ldf

编辑：在此之前适用于IIS版本到IIS 7.0。 IIS 7.0中增加了一个额外的操作模式，称为集成模式（默认用于ASP.NET），这需要处理被放置在＆LT; system.webServer＆GT; /＆LT;处理＆GT; 而不是＆LT的;＆的System.Web GT; /＆LT;＆HttpHandlers的GT; 。我说这个页面上一些更多的信息和链接，@敬畏的回答，检查它的更多细节。

this applies to IIS versions prior to IIS 7.0. IIS 7.0 adds an additional operating mode, called Integrated Mode (default for ASP.NET), which requires handlers to be placed in <system.webServer>/<handlers> instead of <system.web>/<httpHandlers>. I added some more info and links to @awe's answer on this page, check it out for more details.

重要！对于IIS 7.0或更高版本

如您需要将编辑指定的＆LT;添加＆gt; 在不同的地方元素的和规则需要一个名字太的 - 如果你不指定一个名称，再启动时，你会得到一个500内部错误

As specified in the edit you need to place the <add> element in a different place and the rule needs a name too - if you dont specify a name you will get a 500 Internal Error when restarting

  <system.webServer>
        <handlers>
            <add name="IgnoreIni" verb="*" path="*.ini" type="System.Web.HttpForbiddenHandler" />
        </handlers>
    </system.webServer>

这篇关于如何限制指定的文件类型的下载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！