Last active
June 17, 2019 15:04
-
-
Save marcbarry/56afe3c14318048427aa to your computer and use it in GitHub Desktop.
complete security hardening web.config template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <system.web> | |
| <deployment retail="true" /> | |
| </system.web> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <system.web> | |
| <trace enabled="false" /> | |
| <compilation debug="false" /> | |
| <sessionState cookieName="s" /> | |
| <httpRuntime enableVersionHeader="false" /> | |
| <httpCookies httpOnlyCookies="false" requireSSL="false" /> | |
| </system.web> | |
| <system.webServer> | |
| <httpProtocol> | |
| <customHeaders> | |
| <remove name="Server" /> | |
| <remove name="X-Powered-By" /> | |
| <remove name="X-AspNet-Version" /> | |
| </customHeaders> | |
| </httpProtocol> | |
| <httpErrors errorMode="Custom"> | |
| <remove statusCode="502" subStatusCode="-1" /> | |
| <remove statusCode="501" subStatusCode="-1" /> | |
| <remove statusCode="500" subStatusCode="-1" /> | |
| <remove statusCode="412" subStatusCode="-1" /> | |
| <remove statusCode="406" subStatusCode="-1" /> | |
| <remove statusCode="405" subStatusCode="-1" /> | |
| <remove statusCode="404" subStatusCode="-1" /> | |
| <remove statusCode="403" subStatusCode="-1" /> | |
| <remove statusCode="401" subStatusCode="-1" /> | |
| <remove statusCode="400" subStatusCode="-1" /> | |
| <error statusCode="400" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="401" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="402" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="403" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="404" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="405" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="406" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="412" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="500" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="501" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| <error statusCode="502" subStatusCode="-1" path="/error-handler.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL" /> | |
| </httpErrors> | |
| <handlers> | |
| <remove name="TraceHandler-Integrated-4.0" /> | |
| <remove name="TraceHandler-Integrated" /> | |
| <remove name="AssemblyResourceLoader-Integrated-4.0" /> | |
| <remove name="AssemblyResourceLoader-Integrated" /> | |
| <remove name="WebAdminHandler-Integrated-4.0" /> | |
| <remove name="WebAdminHandler-Integrated" /> | |
| <remove name="HttpRemotingHandlerFactory-soap-ISAPI-2.0-64" /> | |
| <remove name="svc-ISAPI-4.0_32bit" /> | |
| <remove name="ScriptHandlerFactoryAppServices-Integrated-4.0" /> | |
| <remove name="ScriptResourceIntegrated-4.0" /> | |
| <remove name="svc-ISAPI-4.0_64bit" /> | |
| <remove name="svc-Integrated-4.0" /> | |
| <remove name="vbhtm-ISAPI-4.0_32bit" /> | |
| <remove name="vbhtm-ISAPI-4.0_64bit" /> | |
| <remove name="vbhtm-Integrated-4.0" /> | |
| <remove name="vbhtml-ISAPI-4.0_32bit" /> | |
| <remove name="vbhtml-ISAPI-4.0_64bit" /> | |
| <remove name="vbhtml-Integrated-4.0" /> | |
| <remove name="xamlx-ISAPI-4.0_32bit" /> | |
| <remove name="xamlx-ISAPI-4.0_64bit" /> | |
| <remove name="xamlx-Integrated-4.0" /> | |
| <remove name="xoml-ISAPI-4.0_32bit" /> | |
| <remove name="xoml-ISAPI-4.0_64bit" /> | |
| <remove name="xoml-Integrated-4.0" /> | |
| <remove name="HttpRemotingHandlerFactory-rem-Integrated-4.0" /> | |
| <remove name="HttpRemotingHandlerFactory-rem-ISAPI-2.0" /> | |
| <remove name="rules-ISAPI-4.0_32bit" /> | |
| <remove name="rules-Integrated-4.0" /> | |
| <remove name="HttpRemotingHandlerFactory-soap-Integrated" /> | |
| <remove name="HttpRemotingHandlerFactory-soap-ISAPI-2.0" /> | |
| <remove name="HttpRemotingHandlerFactory-soap-ISAPI-4.0_64bit" /> | |
| <remove name="HttpRemotingHandlerFactory-soap-Integrated-4.0" /> | |
| <remove name="HttpRemotingHandlerFactory-soap-ISAPI-4.0_32bit" /> | |
| <remove name="rules-ISAPI-4.0_64bit" /> | |
| <remove name="HttpRemotingHandlerFactory-rem-ISAPI-2.0-64" /> | |
| <remove name="HttpRemotingHandlerFactory-rem-Integrated" /> | |
| <remove name="HttpRemotingHandlerFactory-rem-ISAPI-4.0_32bit" /> | |
| <remove name="HttpRemotingHandlerFactory-rem-ISAPI-4.0_64bit" /> | |
| <remove name="AXD-ISAPI-2.0-64" /> | |
| <remove name="cshtml-ISAPI-4.0_64bit" /> | |
| <remove name="cshtml-Integrated-4.0" /> | |
| <remove name="cshtm-Integrated-4.0" /> | |
| <remove name="cshtml-ISAPI-4.0_32bit" /> | |
| <remove name="cshtm-ISAPI-4.0_64bit" /> | |
| <remove name="cshtm-ISAPI-4.0_32bit" /> | |
| <remove name="AXD-ISAPI-4.0_64bit" /> | |
| <remove name="AXD-ISAPI-2.0" /> | |
| <remove name="AXD-ISAPI-4.0_32bit" /> | |
| <remove name="PageHandlerFactory-ISAPI-2.0-64" /> | |
| <remove name="PageHandlerFactory-ISAPI-2.0" /> | |
| <remove name="PageHandlerFactory-ISAPI-4.0_64bit" /> | |
| <remove name="PageHandlerFactory-ISAPI-4.0_32bit" /> | |
| <remove name="aspq-ISAPI-4.0_64bit" /> | |
| <remove name="aspq-Integrated-4.0" /> | |
| <remove name="WebServiceHandlerFactory-ISAPI-2.0" /> | |
| <remove name="aspq-ISAPI-4.0_32bit" /> | |
| <remove name="WebServiceHandlerFactory-Integrated-4.0" /> | |
| <remove name="WebServiceHandlerFactory-Integrated" /> | |
| <remove name="SimpleHandlerFactory-ISAPI-4.0_64bit" /> | |
| <remove name="SimpleHandlerFactory-Integrated-4.0" /> | |
| <remove name="SimpleHandlerFactory-Integrated" /> | |
| <remove name="SimpleHandlerFactory-ISAPI-2.0" /> | |
| <remove name="SimpleHandlerFactory-ISAPI-2.0-64" /> | |
| <remove name="WebServiceHandlerFactory-ISAPI-4.0_32bit" /> | |
| <remove name="WebServiceHandlerFactory-ISAPI-4.0_64bit" /> | |
| <remove name="WebServiceHandlerFactory-ISAPI-2.0-64" /> | |
| <remove name="SimpleHandlerFactory-ISAPI-4.0_32bit" /> | |
| <remove name="ISAPI-dll" /> | |
| <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" /> | |
| <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" /> | |
| <remove name="OPTIONSVerbHandler" /> | |
| <remove name="TRACEVerbHandler" /> | |
| </handlers> | |
| <security> | |
| <requestFiltering allowHighBitCharacters="false"> | |
| <verbs allowUnlisted="false"> | |
| <add verb="GET" allowed="true" /> | |
| <add verb="POST" allowed="true" /> | |
| </verbs> | |
| </requestFiltering> | |
| </security> | |
| </system.webServer> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment