Why IIS is still blocking Web.config even after setting denyUrlSequences and fileExtensions?

Question

One of the IIS sites I manage forwards all the requests to Apache. This means that any request, including requests to files such as .config, should be forwarded.

<security>
    <requestFiltering>
        <denyUrlSequences>
            <clear />
        </denyUrlSequences>
        <fileExtensions allowUnlisted="true">
            <clear />
            <add fileExtension=".config" allowed="true" />
        </fileExtensions>
    </requestFiltering>
</security>

doesn't help, since IIS is still blocking .config files. What should I do?

score -1 · Accepted Answer · answered Jun 18 '13 at 21:54

-1

The missing part is:

<hiddenSegments applyToWebDAV="false">
    <clear />
</hiddenSegments>

After adding this block to security/requestFiltering, files with .config extension can be served by IIS.

answered Jun 18 '13 at 21:54

Arseni Mourzenko

2,165
5
23
41

Why IIS is still blocking Web.config even after setting denyUrlSequences and fileExtensions?

1 Answers1