I'd like to be able to place all my ASP Classic include files outside of the web root. This assures no include files can be called directly via the URL.
我希望能够将所有ASP Classic包含文件放在Web根目录之外。这确保不能通过URL直接调用包含文件。
What is the best way to accomplish this?
完成此任务的最佳方法是什么?
I know I can use a virtual directory to reference an includes folder outside of web root, but doesn't that still allow direct access to that directory via the URL? Perhaps I'm misunderstanding the nature of virtual directories.
我知道我可以使用虚拟目录来引用web根目录之外的包含文件夹,但是这还不允许通过URL直接访问该目录吗?也许我误解了虚拟目录的本质。
3 个解决方案
#1
2
Although not recommended, you could also enable the 'Enable parent paths' option in IIS, which will allow you to reference files outside the webroot via the include directive, as well as allow access via the filesystemobject. This is generally not recommended though, as it does pose a security risk.
虽然不推荐,但您也可以在IIS中启用“启用父路径”选项,这将允许您通过include指令引用webroot外部的文件,以及允许通过filesystemobject进行访问。但通常不建议这样做,因为它确实存在安全风险。
For directions on how to do this, check out the Enabling Parent Paths article on MSDN.
有关如何执行此操作的说明,请查看MSDN上的“启用父路径”一文。
It's been a while since I used Classic ASP, but generally, I'd only declare subroutines and functions in include files, and then call those from the main application code. This has the unintended side effect where if someone does guess the path to an include and accesses the file directly via their browser, it wouldn't actually do anything as no code is executed.
自从我使用Classic ASP已经有一段时间了,但一般来说,我只在包含文件中声明子程序和函数,然后从主应用程序代码中调用它们。这有意想不到的副作用,如果有人猜测包含的路径并直接通过浏览器访问文件,它实际上不会做任何事情,因为没有执行代码。
#2
2
From this article:
从这篇文章:
(I've never need to do this myself)
(我自己永远不需要这样做)
Understood. Make a virtual directory 'inside' your Default Web Site that points to the files 'outside' your working folder. In your code reference the virtual directory that points to the folder / files outside your normal structure. For example
了解。在默认网站“内部”创建一个虚拟目录,指向工作文件夹“外部”的文件。在您的代码中引用指向正常结构之外的文件夹/文件的虚拟目录。例如
Your default website is a local folder called c:\websites\example.com. Under example.com, all your folders and files. However, the files you want on a file server called FileServerA in a folder called D:\MyWebsiteIncludes. The UNC path is \FileServerA\D$\MyWebSiteIncludes or if you create a share on the folder, \FileServerA\MyWebsiteIncludes On the web server, create a virtual directory that maps to either share path. You'll need to make sure the proper credentials are configured to access the files on the remote server.
您的默认网站是名为c:\ websites \ example.com的本地文件夹。在example.com下,您的所有文件夹和文件。但是,在名为D:\ MyWebsiteIncludes的文件夹中,名为FileServerA的文件服务器上需要的文件。 UNC路径为\ FileServerA \ D $ \ MyWebSiteIncludes,或者如果您在文件夹上创建共享,\ FileServerA \ MyWebsiteIncludes在Web服务器上,创建映射到共享路径的虚拟目录。您需要确保配置正确的凭据以访问远程服务器上的文件。
#3
0
I was able to check the procedure mentioned in Diodeus' answer and it actually worked.
我能够检查Diodeus答案中提到的程序,它确实有效。
Example Files/Folders Setup:
E:\includes\
\include.asp
\another.asp
E:\websites\
\business-website.com\
\config.asp
\default.asp
\personal-website.com\
\config.asp
\default.asp
\whatever-website.com\
\config.asp
\default.asp
IIS Website Setup
business-website.com -> E:\websites\business-website.com\
v. dir /include -> E:\includes\
personal-website.com -> E:\websites\personal-website.com\
v. dir /include -> E:\includes\
whatever-website.com -> E:\websites\whatever-website.com\
v. dir /include -> E:\includes\
Note: virtual directories were not converted to applications.
注意:虚拟目录未转换为应用程序。
What works in the default.asp
Files in current directory:
<!-- #include file="config.asp" -->
Files in current directory (using virtual path):
<!-- #include virtual="/config.asp" -->
Files in include directory:
<!-- #include virtual="/include/include.asp" -->
What works in the virtually included include.asp
Files in current directory:
<!-- #include file="another.asp" -->
Files in current directory (using virtual path):
<!-- #include virtual="/include/another.asp" -->
Files in root application:
<!-- #include virtual="/config.asp" -->
This makes it much easier to consolidate all include files into one place.
这使得将所有包含文件合并到一个地方变得更加容易。
#1
2
Although not recommended, you could also enable the 'Enable parent paths' option in IIS, which will allow you to reference files outside the webroot via the include directive, as well as allow access via the filesystemobject. This is generally not recommended though, as it does pose a security risk.
虽然不推荐,但您也可以在IIS中启用“启用父路径”选项,这将允许您通过include指令引用webroot外部的文件,以及允许通过filesystemobject进行访问。但通常不建议这样做,因为它确实存在安全风险。
For directions on how to do this, check out the Enabling Parent Paths article on MSDN.
有关如何执行此操作的说明,请查看MSDN上的“启用父路径”一文。
It's been a while since I used Classic ASP, but generally, I'd only declare subroutines and functions in include files, and then call those from the main application code. This has the unintended side effect where if someone does guess the path to an include and accesses the file directly via their browser, it wouldn't actually do anything as no code is executed.
自从我使用Classic ASP已经有一段时间了,但一般来说,我只在包含文件中声明子程序和函数,然后从主应用程序代码中调用它们。这有意想不到的副作用,如果有人猜测包含的路径并直接通过浏览器访问文件,它实际上不会做任何事情,因为没有执行代码。
#2
2
From this article:
从这篇文章:
(I've never need to do this myself)
(我自己永远不需要这样做)
Understood. Make a virtual directory 'inside' your Default Web Site that points to the files 'outside' your working folder. In your code reference the virtual directory that points to the folder / files outside your normal structure. For example
了解。在默认网站“内部”创建一个虚拟目录,指向工作文件夹“外部”的文件。在您的代码中引用指向正常结构之外的文件夹/文件的虚拟目录。例如
Your default website is a local folder called c:\websites\example.com. Under example.com, all your folders and files. However, the files you want on a file server called FileServerA in a folder called D:\MyWebsiteIncludes. The UNC path is \FileServerA\D$\MyWebSiteIncludes or if you create a share on the folder, \FileServerA\MyWebsiteIncludes On the web server, create a virtual directory that maps to either share path. You'll need to make sure the proper credentials are configured to access the files on the remote server.
您的默认网站是名为c:\ websites \ example.com的本地文件夹。在example.com下,您的所有文件夹和文件。但是,在名为D:\ MyWebsiteIncludes的文件夹中,名为FileServerA的文件服务器上需要的文件。 UNC路径为\ FileServerA \ D $ \ MyWebSiteIncludes,或者如果您在文件夹上创建共享,\ FileServerA \ MyWebsiteIncludes在Web服务器上,创建映射到共享路径的虚拟目录。您需要确保配置正确的凭据以访问远程服务器上的文件。
#3
0
I was able to check the procedure mentioned in Diodeus' answer and it actually worked.
我能够检查Diodeus答案中提到的程序,它确实有效。
Example Files/Folders Setup:
E:\includes\
\include.asp
\another.asp
E:\websites\
\business-website.com\
\config.asp
\default.asp
\personal-website.com\
\config.asp
\default.asp
\whatever-website.com\
\config.asp
\default.asp
IIS Website Setup
business-website.com -> E:\websites\business-website.com\
v. dir /include -> E:\includes\
personal-website.com -> E:\websites\personal-website.com\
v. dir /include -> E:\includes\
whatever-website.com -> E:\websites\whatever-website.com\
v. dir /include -> E:\includes\
Note: virtual directories were not converted to applications.
注意:虚拟目录未转换为应用程序。
What works in the default.asp
Files in current directory:
<!-- #include file="config.asp" -->
Files in current directory (using virtual path):
<!-- #include virtual="/config.asp" -->
Files in include directory:
<!-- #include virtual="/include/include.asp" -->
What works in the virtually included include.asp
Files in current directory:
<!-- #include file="another.asp" -->
Files in current directory (using virtual path):
<!-- #include virtual="/include/another.asp" -->
Files in root application:
<!-- #include virtual="/config.asp" -->
This makes it much easier to consolidate all include files into one place.
这使得将所有包含文件合并到一个地方变得更加容易。