Parent Paths

N

news.microsoft.com

If I've enabled Parent Paths (PP) in IIS, but have installed the URL Filter
and disallowed ".." and "../" within links, am I covered from the
vulnerabilities of PP's?

This allows me to use PP's in #Include statements, but doesn't allow
visitors to use PP's in their links to access directories on my server.

Is this correct?

TIA
 
M

Mike

Yes, it does work. I was just wondering if there were any other
vulnerabilities that I might have missed (in regards to using Parent Paths)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IIs7: "enable parent paths" disabled by default why? 1
I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1
Server.MapPath - Parent Paths Disabled - Windows 2003 IIS 6 - WorkAround 23
Virtual Directory, Paths, Local and Deployed Problem 8
IIS6 500 Server Error Include File Not Found when running an asp script. 9
[ANN] webgen 0.5.9 released 0
Blocking parent paths (ASP.NET equivalent) 1
Parent directory dilemma 5

Members online

No members online now.
Total: 28 (members: 0, guests: 28)
Robots: 445

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top