I need to disable my IIS server serving out certain files. I stumbled across Request Filtering, but for some reason I can't get it to work on a per-site basis. I believe that my website is inheriting and having its settings overridden by the global IIS config in applicationHost.config.
I would like to place something along the lines of the following in the System.web section of the site's config file.

    <security>
      <requestFiltering>
        <fileExtensions>
          <add fileExtension=".xml" allowed="false" />
        </fileExtensions>
      </requestFiltering>
    </security>

This does not seem to work, however, and you may still access .xml files. Attempting to set Hidden Segments has the same effect.
I have done quite a bit of research to no avail and made some changes to the applicationHost.config of IIS:

    <section name="requestFiltering" overrideModeDefault="Allow" />

(this was for the correct section group of system.webServer)
I also ran the following command, which just seems to remove all the settings from the applicationHost.config but still has no effect:

    C:\Windows\System32\inetsrv>appcmd.exe unlock config -section:system.webServer/security/requestFiltering

All the answers I have come across seem to focus on doing the reverse and enabling IIS to serve static files. I would like to do the exact opposite with a server that seems to serve out all files already.
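
As an added example (not part of the original post): the IIS configuration schema defines requestFiltering under system.webServer/security, not under system.web, so a per-site web.config carrying the rule from the post would be laid out as below. The hiddenSegments value "private-data" is a constructed placeholder, and the layout assumes the section is unlocked for site-level override as the post describes.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- web.config in the site root (added example, not the poster's file) -->
<configuration>

  <!-- system.web holds ASP.NET settings; the IIS Request Filtering
       module does not read rules placed there. -->
  <system.web>
  </system.web>

  <!-- system.webServer holds IIS settings, including Request Filtering. -->
  <system.webServer>
    <security>
      <requestFiltering>

        <!-- Deny requests by file extension (rule taken from the post). -->
        <fileExtensions>
          <add fileExtension=".xml" allowed="false" />
        </fileExtensions>

        <!-- Deny requests whose URL contains this path segment.
             "private-data" is a constructed placeholder name. -->
        <hiddenSegments>
          <add segment="private-data" />
        </hiddenSegments>

      </requestFiltering>
    </security>
  </system.webServer>

</configuration>
```

When the rules are being applied, IIS answers a request for a denied extension with HTTP 404.7 and a request into a hidden segment with HTTP 404.8, which gives a quick way to confirm from the logs that the site-level section is in effect.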