CrnaStena - 1 month ago
ASP.NET (C#) Question

Should package.json be blocked by web server (IIS)

If I try to access web.config, the server returns HTTP Error 404.8 - Not Found (The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.)

If I try to access packages.config, the server returns HTTP Error 404.7 - Not Found (The request filtering module is configured to deny the file extension.)

Now I get why those two are blocked/filtered. But I am not sure why package.json is not.


  1. Could somebody explain the reason for it?

  2. If it should be blocked, how do I go about it so that it does not affect other .json files that do need to be served by the Web Server (IIS)?


Answer

Just add it to web.config's hiddenSegments section:

<system.webServer>
  <security>
    <requestFiltering>
      <hiddenSegments>
        <add segment="package.json" />
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>

More details about hiddenSegments available here
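
An added example, not part of the original answer: a simplified Python model of the two request-filtering checks from the question, showing that a hiddenSegments entry matches a whole path segment and so leaves other .json files servable. The sample config, the function names and the case-insensitive comparison are assumptions of this sketch, which does not reproduce the rest of IIS request filtering.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

# Constructed sample: the answer's hiddenSegments entry plus a denied
# extension of the kind that yields 404.7 for packages.config.
WEB_CONFIG = """
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="package.json" />
        </hiddenSegments>
        <fileExtensions>
          <add fileExtension=".config" allowed="false" />
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""

def load_rules(xml_text):
    """Return (hidden segments, denied extensions), lower-cased."""
    rf = ET.fromstring(xml_text).find("system.webServer/security/requestFiltering")
    if rf is None:
        return set(), set()
    hidden = {e.get("segment", "").lower() for e in rf.findall("hiddenSegments/add")}
    denied = {e.get("fileExtension", "").lower()
              for e in rf.findall("fileExtensions/add")
              if e.get("allowed", "true").lower() == "false"}
    return hidden, denied

def filter_status(url, hidden, denied):
    """Model the two checks from the question; None means not filtered."""
    # Assumption: comparison is case-insensitive and done on the decoded path.
    segments = [s.lower() for s in unquote(urlsplit(url).path).split("/") if s]
    # hiddenSegments compares whole path segments, in any folder.
    if any(s in hidden for s in segments):
        return "404.8"
    # fileExtensions looks only at the extension of the last segment.
    last = segments[-1] if segments else ""
    if "." in last and last[last.rfind("."):] in denied:
        return "404.7"
    return None
```

In this model a copy named package.json.bak is not caught by the package.json entry, so backup or renamed copies need their own rule.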