requestFiltering Element for security [IIS 7 Settings Schema]
| Note: |
|---|
For more information about the RequestFiltering element, see the following topic on the Microsoft IIS.net Web site: Request Filtering <requestFiltering>. |
Specifies configuration settings for request filtering.
The following sections describe attributes, child elements, and parent elements for this section.
Attributes
|
Attribute |
Description |
|---|---|
|
allowDoubleEscaping |
Optional Boolean attribute. Specifies whether to allow URLs with double escape characters. The default value is false. |
|
allowHighBitCharacters |
Optional Boolean attribute. Specifies whether to allow non-ASCII characters in URLs. The default value is true. |
Child Elements
|
Element |
Description |
|---|---|
|
fileExtensions |
Optional element. Specifies which file name extensions are allowed or denied to limit types of requests sent to the Web server. |
|
filteringRules |
Optional element. Specifies a collection of custom request filtering rules. Note:This element was added in IIS 7.5. |
|
requestLimits |
Optional element. Specifies limits on requests processed by the Web server. |
|
verbs |
Optional element. Specifies which HTTP verbs are allowed or denied to limit types of requests sent to the Web server. |
|
hiddenSegments |
Optional element. Specifies that certain segments of URLs can be made inaccessible to clients. |
|
denyUrlSequences |
Optional element. Specifies sequences that should be denied to help prevent URL-based attacks on the Web server. |
Parent Elements
|
Element |
Description |
|---|---|
|
configuration |
Specifies the root element in every configuration file that is used by IIS 7. |
|
system.webServer |
Specifies the top-level section group (in ApplicationHost.config) in which this element is defined. |
|
security |
Specifies the section group that contains security-related sections. |
For more information about the RequestFiltering element, see the following topic on the Microsoft IIS.net Web site: Request Filtering <requestFiltering>.