I have a Windows 2008 R2 server with IIS7.5 installed.
I need to provide users with read-write access to some directory tree via WebDAV. The same users will also be able to reach the same directories by other means – FTP, SFTP, CIFS, etc.
My aim: I don't want someone to be able to upload / modify web.config files in the published folders, thus modifying behavior of IIS. If such file is created, IIS should simply treat it as any other file.
Is it possible to concentrate all settings for the site in the applicationHost.config or in any other file outside the published tree, and make IIS ignore any additional web.config files?
Thanks!
Best Answer
Found the relevant setting - it's called allowSubDirConfig. It can be specified either in
virtualDirectoryDefaults
element (for all sites) or invirtualDirectory
element, in theapplicationHost.config
file.Example:
web.config
files under /Temp virtual directory won't be checked.There are some other ways as well: http://www.sourceinaction.com/blog/web.config-dependencies-for-multiple-asp.net-web-applications