Stop page access

0
0

Hi,

is it possible to avoid user to access directly to :

https://Mywisejsite/download.wx

Our users are trying to download source file using this direct link, so we would block it and use this page only to download specific file after custom autentication and using specific button command.

they are using something like this:

GET /Mywisejsite/download.wx?x=ewAiAGYAaQBsAGUAIgA6ACIAQwA6AFwAXABpAG4AZQB0AHAAdQBiAFwAXAB3AHcAdwByAG8AbwB0AFwAXABNAGsAaQBpAEYAbwByAFcAZQBiAFwAXABFAHgAcABvAHIAdABQAEQAZgBcAFwAYQBhAGEAYQAuAHAAZABmACIALAAiAG4AYQBtAGUAIgA6ACIAYQBhAGEAYQAuAHAAZABmACIAfQA=

after sniffig traffic during download. So ,if they change the Base64 string command it is possible to download all files.

Thank you in advance

Nello Pernice

  • You must to post comments
0
0

It’s not possible to download all files. Just the files deployed at the root of the web site, like any web site (where the url in clear), and in temp files created by wisej to download streams then deleted. Used to be possible and even traverse (!) but it was flagged as a security issue and fixed several builds ago.

Wisej blocks anything in /bin and /App_Data and anything outside of the web site root and any “.config”, “.dll”, “.ini”, “.exe”, “.so”.

If you want to take over download.wx you can register an HttpHandler in web.config mapped to download.wx.

 

  • You must to post comments
Showing 1 result
Your Answer

Please first to submit.