Clever Geek Handbook

Limiting the HttpModule to only handle certain requests

We use directory browsing in a specific section of our site, but our users don't really like ASP.NET by default.

directory browsing. To be honest, we don't really care about that.

I came across the mvolo custom directory viewer module and I tried to use it. However, I found that if enabled in my root web.config, it allows directory browsing in all folders without a default page (as you would expect). If I set enabled = "false" to the root, it throws an HttpException that hits my generic error page, but every request throws an exception, for example when the requested page has additional images to request at load time.

As I believe (and I could be wrong) the default directory viewer only checks the activated attribute if there is no default folder and you are not requesting a specific file (e.g. mysite.com/images/ versus mysite.com/images/ logo.gif).

I've rebuilt the functionality of a custom module, but I can't figure out how to restrict the module to only complete execution in situations where directory lookup is needed if enabled, and not on a per-request basis. Here is a code snippet from the module:

    public void Init(HttpApplication app)
    {
        app.PreRequestHandlerExecute += new EventHandler(this.OnPreRequestHandlerExecute);
    }

    public void OnPreRequestHandlerExecute(object source, EventArgs e)
    {
        HttpApplication application = (HttpApplication)source;
        HttpContext context = application.Context;
        config = (DirectoryListingConfigSection)WebConfigurationManager.GetSection("directoryBrowsing", context.Request.Path);

        if (this.config == null)
        {
            throw new Exception("Missing <directoryBrowsing> configuration section.");
        }

        /* I only want to check this if it necessary, not for things 
           like mysite.com/images/logo.gif or mysite.com/about/history.aspx 
           -- those shouldn't give a 403 error */
        if (!config.Enabled)
        {
            context.Response.Status = "403 Forbidden";
        }

        /* The rest of the code goes below, and should only process 
           if Directory Browsing is necessary and enabled */
    }
+3


source to share


1 answer


Modules are executed on every request that goes through ASP.Net, there is no way to restrict calls in a module based on the request type.

You need to embed checks in the module's code in order to handle requests that are of interest to that module.



Depending on the stage, you should have access to most of the information about the request. At the time PreRequestHandlerExecute

you have all the possible information about the incoming request, including the Url, headers, and associated session state, if present.

+2


source






More articles:


All Articles