|
|
Currently we have a client that’s trying to block access to many different files due to a pentest that was done where these files could be accessed given their name. This client is already using the AllowDirectoryBrowsing=0 feature, but they are trying to also use ProtectedResources to block access to files. The problem is that there are so many needed to be specified. Is there a way to specify some flag to recursively block files given a folder or a wildcard character that could be used to block access to files matching a condition?
Examples (including, but not limited to):
Block access to all Root/bin and Root/classes files (as a recursive example).
Also maybe something like block access to all .bat or Root/classes/.ini files (as a wildcard example). Think he already tried to use an asterisk similar to this, but it wasn’t working that way.
