Community Add-Ons

Maintainers: ramseyb

web.config file to protect against unwanted files being executed in/from the images folder (Windows IIS 7,7.5,8)
for osCommerce Online Merchant v2.2

by ramseyb / 20 Apr 2012

Windows IIS 7,7.5,8 Image Dir Hack Protection

Download, unzip, and place the web.config file in your osCommerce image directory to block files such as .php. To add additional extensions, add additional lines to the code:

<add fileExtension=".ADDext" allowed="false" />

web.config file source code:

<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- Deny list: the extensions below are rejected; allowUnlisted="true" means any extension not listed is still served -->
        <fileExtensions allowUnlisted="true">
          <add fileExtension=".inc" allowed="false" />
          <add fileExtension=".php" allowed="false" />
          <add fileExtension=".htaccess" allowed="false" />
          <add fileExtension=".htpasswd" allowed="false" />
          <add fileExtension=".js" allowed="false" />
          <add fileExtension=".ini" allowed="false" />
          <add fileExtension=".phps" allowed="false" />
          <add fileExtension=".fla" allowed="false" />
          <add fileExtension=".psd" allowed="false" />
          <add fileExtension=".log" allowed="false" />
          <add fileExtension=".sh" allowed="false" />
          <add fileExtension=".pl" allowed="false" />
          <add fileExtension=".cgi" allowed="false" />
          <add fileExtension=".jsp" allowed="false" />
          <add fileExtension=".sql" allowed="false" />
          <add fileExtension=".txt" allowed="false" />
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
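
The file above is a deny list: with allowUnlisted="true", any extension that is not listed is still served, including any other extension the server maps to a script handler. An allow-list variant follows as an added example; it is not part of the add-on or the author's file, and the image extensions in it are an assumption that should be matched to what the shop actually stores in the images directory:

```xml
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- allowUnlisted="false": only the extensions added below are served -->
        <fileExtensions allowUnlisted="false">
          <!-- Drop entries inherited from parent configuration so the adds below cannot collide with them -->
          <clear />
          <!-- Assumed image types; adjust to what the images directory holds -->
          <add fileExtension=".gif" allowed="true" />
          <add fileExtension=".jpg" allowed="true" />
          <add fileExtension=".jpeg" allowed="true" />
          <add fileExtension=".png" allowed="true" />
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

Requests for any other extension are rejected by request filtering with HTTP 404.7, the same status the deny list returns for its listed extensions.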
