To disable downloading protected resources and files over HTTP, map these resources and files to ASP. NET's HttpForbiddenHandler.
Map protected resources to HttpForbiddenHandler
The HTTP handler is located under the
The following file extensions are mapped to the HTTP handler in Machine. config:
. Aspx is used for ASP. NET pages.
. Rem and. soap are used for remote processing.
. Asmx is used for Web Services.
Asax ,. ascx ,. config ,. cs ,. csproj ,. vb ,. vbproj ,. webinfo ,. asp ,. licx ,. resx and. resources are protected resources mapped to System. web. httpForbiddenHandler.
For. NET Framework resources, if the file extension is not used, the extension is mapped to System. Web. HttpForbiddenHandler in Machine. config, as shown in the following example:
<Add verb = "*" path = "*. vbproj" type = "System. Web. HttpForbiddenHandler"/>
In this example, the. vbproj file extension is mapped to System. Web. HttpForbiddenHandler. If the client request ends with. vbproj, ASP. NET returns a message indicating "This type of page is not served" (This type of page cannot be provided ).
• The following guidelines apply to processing. NET Framework file extensions:
• Map unused extensions to HttpForbiddenHandler. If no ASP. NET page is provided, the. aspx is mapped to HttpForbiddenHandler. If you do not use Web Services, map. asmx to HttpForbiddenHandler.
• Disable remote processing on a Web server that accesses the Internet. Map the remote processing extension (. soap and. rem) on the Web server that accesses the Internet to HttpForbiddenHandler.
Kang standing's blog