ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard
verified publisher icon owasp-modsecurity

Users cannot block /aux/ using IIS.

Open csanders-git opened this issue 9 years ago • 4 comments

When a user using ModSecurity for IIS tries to deny access to a reserved folder URL - the log indicates that it blocked the site successfully, but a 500-level error is always reported.

There are several other extensions that this effects too. http://blog.onetechnical.com/2006/11/16/forbidden-file-and-folder-names-on-windows/

csanders-git avatar Mar 11 '16 22:03 csanders-git

matt

csanders-git avatar Mar 11 '16 22:03 csanders-git

@csanders-git is this related to this specific version of IIS or it is something that is a problem in all versions that we support?

zimmerle avatar Mar 16 '16 13:03 zimmerle

All versions of IIS

csanders-git avatar Mar 16 '16 14:03 csanders-git

@csanders-git,

Is this still a real issue?

martinhsv avatar Jan 24 '22 21:01 martinhsv