Global files, error pages, static pages, IIS configuration and anti-black

Add a global application class.

<%@ Application language="C #"%><script runat="Server">//called when the entire site is first accessed    voidApplication_Start (Objectsender, EventArgs e) {        //code to run when the application startsApplication.Lock (); application["Web"] ="Welcome";    Application.UnLock (); }    //when the entire site is closed    voidApplication_End (Objectsender, EventArgs e) {        //code to run when the application shuts down    }    //a generic exception handling event for the entire station    voidApplication_Error (Objectsender, EventArgs e) {         //code to run when an unhandled error occurs    }    //called every time the session is created    voidSession_Start (Objectsender, EventArgs e) {        //code to run when a new session is startedApplication.Lock (); application["LogTime"] =DateTime.Now.ToString ();    Application.UnLock (); }    //called when each session object is destroyed    voidSession_End (Objectsender, EventArgs e) {        //The code that runs at the end of the session. //Note: Only the sessionstate mode in the Web. config file is set to//InProc, the Session_End event is not raised. If the session mode//is set to StateServer or SQL Server, the event is not raised. Application.Lock (); application["LogTime"] ="Goodbye";    Application.UnLock (); }       </script>

Error page:

Configure Web. config, configure the customerrors zone:
<customerrors mode= "on" defaultredirect= "myerrorpage.aspx" >
<error statuscode= "403" redirect= "noaccess.htm"/>
<error statuscode= "404" redirect= "filenotfound.htm"/>
</customErrors>
Mode three selectable values: on: Always display the custom error page, OFF: Do not display the custom error interface, directly display the call stack and other exception information; RemoteOnly: For native access to display exception information such as Call stack, custom error page for external user display. You can judge request.userhostaddress in the definition error page to set some IP to see the exception information, you can read the session if the administrator can see the exception information. Error sub-element settings for different status codes using different Errors page, many websites make 404 a special error page. A status code error that is not set individually displays the page specified in defaultredirect.

An HTM page can be used on an error page, or an ASPX page can be used. You can use HttpContext.Current.Server.GetLastError () to get the exception object in the ASPX page. If you want to get the exception object in the error page, such as setting redirectmode= "Responserewrite" in customerrors, because the client is redirected by default, the exception object will not be taken on the error page.

Static page: 1, read the static page string, 2, read a news message from the database, 3, the database isolated information, corresponding to the corresponding placeholder in the HTML code (replace), 4, the replacement of the generated HTML code to a rule-generated file name in the HTML file, and update the file name to the corresponding news in the database.

IIS configuration and anti-black:
Install IIS. Deploy Web sites (either publish or copy them). Modify the connection string, compilation set to False, remove CS code
Upload folder does not give Execute permission: Locate the Upload folder in IIS Manager, select Properties--Execute permission, set to "none". This makes it impossible to upload executable code to the upload folder, even with the exploit.
Remove browse permissions for all folders, prevent users from viewing the list of files in the Web site, locate the master node in IIS Manager → properties → home directory → cancel directory browsing.
Background folder only allows administrator's IP access, folder → properties →
In IIS management, Web Server Extensions allow only ASP. NET, and other CGI, ASP and so on all prohibit.

Global files, error pages, static pages, IIS configuration and anti-black