[ticket/9520] New web.config file as suggested by Microsoft using request filter

PHPBB3-9520
2025-06-27 21:58:52 +00:00 · 2010-04-28 19:20:54 +01:00 · 2010-04-28 19:20:54 +01:00 · 8612fc23d4
commit 8612fc23d4
parent e11e53e11b
1 changed files with 20 additions and 12 deletions
--- a/phpBB/web.config
+++ b/phpBB/web.config
@ -1,17 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
 	<system.webServer>
-		<rewrite>
-			<rules>
-				<rule name="phpBB config.php Rule" patternSyntax="Wildcard" stopProcessing="true">
-					<match url="*config.php" />
-					<action type="AbortRequest" />
-				</rule>
-				<rule name="phpBB common.php Rule" patternSyntax="Wildcard" stopProcessing="true">
-					<match url="*common.php" />
-					<action type="AbortRequest" />
-				</rule>
-			</rules>
-		</rewrite>
+		<security>
+			<requestFiltering>
+				<hiddenSegments>
+					<add segment="cache" />
+					<add segment="files" />
+					<add segment="store" />
+				</hiddenSegments>
+			</requestFiltering>
+		</security>
 	</system.webServer>
+	<location path="images/avatars">
+		<system.webServer>
+			<security>
+				<requestFiltering>
+					<hiddenSegments>
+						<add segment="upload" />
+					</hiddenSegments>
+				</requestFiltering>
+			</security>
+		</system.webServer>
+	</location>
 </configuration>