I created a web app on Azure. I am having issues adding additional html pages beyond an index. Is there something I'm missing? I've been searching to no avail.
Looks like you want to define your own start page name for the web app.
Files added to root path(aka wwwroot folder in kudu) can't be accessed with https://webappname.azurewebsites.net unless you set Default document in Application settings. Just add your file name in the list. The first matching file in the list is used.
If your page is deployed to a folder under root path, you also need to set Virtual applications and directories(also in Application settings). Change the physical path value from site\wwwroot to site\wwwroot\foldername.
Related
In one of my git repos, I've got a simple HTML website with the following folder structure:
repo root:
--reference
--developer-notes.txt
--i-am-not-website-code.txt
--i-am-not-meant-to-be-served-by-web-server.txt
--etc.txt
--src
--views
--index.html
--etc.html
--content
--foo.css
--etc.css
--images
--foo.png
--etc.png
--scripts
--foo.js
--etc.js
I just created a App Service Web App on Azure, configured it to pull the source out of my repo, and deployed it.
I made sure that the Application Settings -> Default Document list had an entry for the index.html file.
However, as understood, due to my folder structure, I can only view my website if I go to:
foo.azurewebsites.net/src/views/index.html
I cannot go just to:
foo.azurewebsites.net/
and see my index.html page.
Now, I can change my folder structure by putting my HTML pages in the root, to make the website appear at foo.azurewebsites.net/. But I was wondering if there was a way to not have to do that, esp. given that every repo also stores stuff other than the source code, for example in my case the Reference folder, and most repos have the source, which only one of the many artifacts, in the source folder.
Is there?
One thing you can do is to change the virtual path for your root application to point to your views folder in the Virtual applications and directories section of your Application settings. That way you will have foo.azurewebsites.net/ serve your index.html file.
Another thing you will have to do in this case, is to set the virtual application paths for your content and scripts folders (and the reference folder if you need to access it's content from the web) since they are not under your views folder.
Given your folder structure, it would look something like this:
I've created a new web site in IIS on my machine for testing purposes. Beneath the root I have a folder called documents where I have a bunch of pdf's that should be downloadable. However, when I hit the URL localhost:54510/documents/file.pdf I get a 404 error (Chrome, IE and Firefox).
I've added IIS_IUSRS permissions for the specified folders and the service is running since I can access my ASPNET WebApi - localhost:54510/api/whatever-service-function.
I can't grasp my head around what causes this.
PDF is specified in MIME-types as Application/pdf.
Another thing is, when I add the documents folder as a virtual directory in the Default web site then it works to download it from localhost:80/documents/file.pdf.
I have also tried to add the documents folder as a virtual directory in my web-site and set my local user as the authenticator to see if it had anything to do with permission.
I'm running on IIS 10.
Does anyone have any ideas?
I am working on a project that has us deploying to an Azure Web Site.
The code is overall working and now we are focusing more on security.
Right now we are having an issue that back end configuration files are visible with the direct URL.
Examples (Link won't work):
https://myapplication.azurewebsite.net/foldername/FileName.xml (this
file is in a folder that is contained within the root application)
https://myapplication.azurewebsite.net/vApp/FileName.css (this file
is a part of virtual application sub folder)
I have found this to be true with multiple extensions and locations.
Extensions like:
.css
.htm
.xml
.html
the list likely goes on
I understand that certain files are downloaded to the client side and that those can't be stopped. However backend XML files are something we don't pass to the client (especially if has connection strings).
I did read a similar article, Azure App Service Instrumentation Profiling?
However this didn't directly relate to my issue.
Any insight would extremely helpful.
Do not store sensitive information in flat files, especially under your site root. Even if you web.config it just right you're still one botched commit away from disaster.
Use Application Settings instead, that's what they're for.
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-configure
I have an asp.net project that I use for a couple different purposes. We have addresses that access the same virtual directory via different paths (use1.company.com and use2.company.com) I do not want to break the project up as they use similar functionality that seems redundant to have in two places. None the less as it stands use1.company.com/default.aspx and use2.company.com/default.aspx both are the same. I want to make it so that use2.company.aspx/default.aspx is not accessible. Is there a way to do that from the App Pool/Virtual Directory settings or do I just have to hope that external users dont type /default.aspx?
I know I can set the default document to like survey.aspx (purpose of the second url) but that does not prevent some savvy users from typing in default.aspx just to see what it does. Any assistance here would be great.
Since they point to the same .aspx file could you not include an if statement at the start of the file to grab the URL and if it includes use2 then go back?
So, I decided to try to break my website...I googled my site by typing in site:mysite.com/whatever and behold, all of the users uploaded files were available for view under a specific directory.
What kind of script/ counter measure should I use to block these files from being viewed? I already have a script that checks the path and the logged in status, however this doesn't seem to be working. I've looked all over for solutions...but I can't quite find one. I'm using ColdFusion 8.
This isn't a ColdFusion issue so much as a web server configuration issue.
You should either:
configure your web server not to show a directory of files when using a URL without a filename (e.g., http://www.example.com/files/)
drop a blank default web document (index.html, index.htm, default.htm, index.cfm, whatever) into that directory so that it displays that document rather than the list of files. If you use index.cfm, it'll fire your Application.cfm/cfc in your file path and use whatever other security you've built.
(or, better, do both)
The best way to secure your file listings and the files themselves is to store them in another folder outside of the Web site root folder. You can then serve them up using CFDIRECTORY and CFCONTENT. The pages that display the files can check your access controls and only serve the files to those allowed to see them.