Sometimes umbraco shows the name of the xslt file when an error occurs, displaying the path to it. Then, you can access the file by just simply copying it and pasting its path in the address bar of the browser.
Is there a way to hide the /xslt/ folder (and its content) from navigation? It would be useful for other folders too.
We are running umbraco on Windows Server 2008 R2 and SQL Server 2008, .NET 3.5.
You can add some code to your web.config file to forbid direct access to anything with the .xslt extension (note, if using IIS6 or IIS7 in classic mode you will need to map the .xslt extension to asp.net). The code you add is:
Which goes inside the <HttpHandlers> section of your web.config file. If you try and access .xslt files directly on the site, it'll throw a HTTP Forbidden Error.
Hidding xslt folder from navigation
Sometimes umbraco shows the name of the xslt file when an error occurs, displaying the path to it. Then, you can access the file by just simply copying it and pasting its path in the address bar of the browser.
Is there a way to hide the /xslt/ folder (and its content) from navigation? It would be useful for other folders too.
We are running umbraco on Windows Server 2008 R2 and SQL Server 2008, .NET 3.5.
thanks,
Nico.
Will it work if I add it to the umbracoReservedPaths in the web.config?
No, it didn't. (sorry)
You could configure IIS so that it does not serve raw xslt-files I guess
If people would try to access it directly, it would then throw a 404.
Peter
You can add some code to your web.config file to forbid direct access to anything with the .xslt extension (note, if using IIS6 or IIS7 in classic mode you will need to map the .xslt extension to asp.net). The code you add is:
<add path="*.xslt" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />
Which goes inside the <HttpHandlers> section of your web.config file. If you try and access .xslt files directly on the site, it'll throw a HTTP Forbidden Error.
Hope that helps!
is working on a reply...