240 lines
13 KiB
XML
240 lines
13 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
||
<configuration>
|
||
<configSections>
|
||
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
|
||
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
|
||
</configSections>
|
||
<appSettings>
|
||
<add key="systemDirs" value="news,product" />
|
||
<add key="shopCarCode" value="17168ERP" />
|
||
<!--allowReqAtt 弱掃需求建議設定註冊會用到的request名稱(給rtnQueryString這隻用的):num,root,kind,kw,page,defpath,rtnobj,dirname,CKEditorFuncNum,mode,msg,nation,category,sign_no,order_no,skey,key,chknum,chk,id-->
|
||
<add key="allowReqAtt" value="" />
|
||
<add key="owin:AutomaticAppStartup" value="true" />
|
||
<add key="owin:AppStartup" value="SignalRChat.Startup" />
|
||
<!--設計師模式-->
|
||
<add key="designIP" value="127.0.0.1,211.20.239.58" />
|
||
<!--允許後台的ip-->
|
||
<add key="admIP" value="" />
|
||
<!--後台只允許台灣的IP:Y=啟用,設為其它值為停用-->
|
||
<add key="admTwIP" value="Y" />
|
||
<!--後台一個帳號只允許一個人登入,若要啟用請設Y-->
|
||
<add key="SingleIn" value="N" />
|
||
<!--GOOGLE recaptcha https://www.google.com/recaptcha/ -->
|
||
<add key="recaptchaSitekey" value="" />
|
||
<!--金鑰-->
|
||
<add key="recaptchaSecret" value="" />
|
||
<!--密鑰-->
|
||
<!--圖片浮水印設定:0=不使用 1=縮圖程式使用 2=上傳圖片若有使用縮圖則壓上浮水印(原檔會壓上浮水印)-->
|
||
<add key="WatermarkMode" value="0" />
|
||
<!--圖片浮水印設定:圖片路徑-->
|
||
<add key="WatermarkPath" value="~/App_Script/watermark.png" />
|
||
<!--圖片浮水印設定:透明度-->
|
||
<add key="WatermarkPct" value="0.5" />
|
||
<!--嘗試登入後台失敗次數,若不使用請設0-->
|
||
<add key="LoginTryCount" value="3" />
|
||
<!--嘗試登入後台失敗鎖定分鐘-->
|
||
<add key="LoginTryLockMin" value="15" />
|
||
<!--密碼強度 0=不限制 1=普通 2=中 3=高-->
|
||
<add key="pwStrength" value="0" />
|
||
<!--考勤允許IP-->
|
||
<add key="attendancesIP" value="211.20.239.58,127.0.0.1,122.117.61.232" />
|
||
<!--網站的簡稱,用來區別session和cookie-->
|
||
<add key="SC" value="erp17168" />
|
||
</appSettings>
|
||
<connectionStrings>
|
||
<!--SQL用-->
|
||
<!-- -->
|
||
<add name="shopConn" providerName="System.Data.SqlClient" connectionString="Data Source=localhost;Initial Catalog=17168erp_e2;User ID=17168erp;Password=17168erp;Encrypt=False;TrustServerCertificate=True;Provider=SQLOLEDB;" />
|
||
<add name="ezEntities" connectionString="metadata=res://*/App_Code.Model.Model.csdl|res://*/App_Code.Model.Model.ssdl|res://*/App_Code.Model.Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=localhost;Initial Catalog=17168erp_e2;User ID=17168erp;Password=17168erp;Encrypt=False;TrustServerCertificate=True;"" providerName="System.Data.EntityClient" />
|
||
<!--SQL用-->
|
||
</connectionStrings>
|
||
<!--
|
||
如需 web.config 變更的說明,請參閱 http://go.microsoft.com/fwlink/?LinkId=235367。
|
||
|
||
您可以在 <httpRuntime> 標記上設定下列屬性。
|
||
<system.Web>
|
||
<httpRuntime targetFramework="4.7.2" />
|
||
</system.Web>
|
||
-->
|
||
<system.web>
|
||
<httpCookies httpOnlyCookies="true" sameSite="Lax" />
|
||
<!--有SSL要用這行,上面一行要拿掉 <httpCookies requireSSL="true" sameSite="Lax" httpOnlyCookies="true"/>-->
|
||
<!--machineKey的產生器:http://www.allkeysgenerator.com/Random/ASP-Net-MachineKey-Generator.aspx-->
|
||
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="AES" />
|
||
<!--
|
||
OLD:
|
||
<machineKey validation="SHA1" decryption="AES"
|
||
validationKey="0D8F8703B1E133FB1E507DBDA1E641AA046903DBDB4E1A0C984CA8D47ECCBC1731F40D740DD2C11613EE380F9AC673F5A850AF5264304B8D1F291C3754848E47"
|
||
decryptionKey="5DA56C30BC1FB4E5744C7A790AD32FF191C20BF6363FCAE3B34B2757B399934E" />
|
||
-->
|
||
<!--
|
||
NEW:
|
||
<machineKey validation="SHA1" decryption="AES"
|
||
validationKey="AF45CC82553E8225A5FA0DE14DEB854130BA4E6B"
|
||
decryptionKey="9F8A9C5F4394F24E6CB3404C8721EB3EBEFFDA66FD8DA7B9F393D42E18257CFE" />
|
||
-->
|
||
<!--有要弱點掃瞄切換成這個<machineKey validation="3DES"/>,App_Code\config.cs 裡面的「壓縮ViewState」要拿掉-->
|
||
<customErrors mode="Off" />
|
||
<!--<customErrors>
|
||
<error statusCode="404" redirect="main.aspx?msg=404"/>
|
||
</customErrors>-->
|
||
<!--自訂程式錯誤的頁面設定-->
|
||
<!--<customErrors mode="On" defaultRedirect="~/main.aspx">
|
||
<error statusCode="404" redirect="main.aspx?msg=404"/>
|
||
</customErrors>-->
|
||
<globalization requestEncoding="utf-8" responseEncoding="utf-8" fileEncoding="utf-8" />
|
||
<compilation debug="true" targetFramework="4.8">
|
||
<assemblies>
|
||
<add assembly="System.Net.Http, Version=4.2.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
|
||
<add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
|
||
<add assembly="System.Data.Entity.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
|
||
<add assembly="System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
|
||
<add assembly="System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
|
||
<add assembly="System.ComponentModel.DataAnnotations, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
|
||
<add assembly="PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
|
||
<add assembly="PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
|
||
</assemblies>
|
||
<buildProviders>
|
||
<add extension=".edmx" type="System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider" />
|
||
</buildProviders>
|
||
</compilation>
|
||
<pages enableViewStateMac="true" viewStateEncryptionMode="Always" controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
|
||
<controls>
|
||
<add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
|
||
<add assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" tagPrefix="cc1" />
|
||
</controls>
|
||
</pages>
|
||
<authentication mode="Forms">
|
||
<forms loginUrl="~/admin/index.aspx" defaultUrl="~/admin/index.aspx" />
|
||
</authentication>
|
||
<httpRuntime requestValidationMode="2.0" enableVersionHeader="false" />
|
||
</system.web>
|
||
<system.webServer>
|
||
<!-- 支援路由有"." https://stackoverflow.com/questions/9273987/asp-net-mvc-url-route-supporting-dot -->
|
||
<modules runAllManagedModulesForAllRequests="true" />
|
||
<!--修補弱點:IIS 目錄列舉-->
|
||
<security>
|
||
<requestFiltering>
|
||
<denyUrlSequences>
|
||
<add sequence="?" />
|
||
<add sequence="*" />
|
||
</denyUrlSequences>
|
||
</requestFiltering>
|
||
</security>
|
||
<httpProtocol>
|
||
<customHeaders>
|
||
<remove name="X-Powered-By" />
|
||
<remove name="X-AspNet-Version" />
|
||
<!--<add name="X-Frame-Options" value="SAMEORIGIN" /> iframe只允許嵌入自已網站下的頁面 -->
|
||
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
|
||
<!--有ssl 才能用-->
|
||
<!--<add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=31536000, s-maxage=0" />-->
|
||
<!--<add name="Cache-Control" value="max-age=31536000" />-->
|
||
<add name="X-XSS-Protection" value="1; mode=block" />
|
||
<add name="X-Content-Type-Options" value="nosniff" />
|
||
<add name="Referrer-Policy" value="strict-origin" />
|
||
</customHeaders>
|
||
</httpProtocol>
|
||
<rewrite>
|
||
<rules>
|
||
<!--若有裝SSL與主機有支援urlrewrite的話,可啟用下面讓http自動轉去https
|
||
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
|
||
<match url="(.*)" />
|
||
<conditions>
|
||
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
|
||
</conditions>
|
||
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
|
||
</rule>-->
|
||
<!--
|
||
<rule name="Redirect domain.com to www" patternSyntax="ECMAScript" stopProcessing="true">
|
||
<match url=".*" />
|
||
<conditions>
|
||
<add input="{HTTP_HOST}" pattern="^domain.com$" />
|
||
</conditions>
|
||
<action type="Redirect" url="https://www.domain.com/{R:0}" />
|
||
</rule>
|
||
-->
|
||
<!--sites資料夾裡拒絕直接訪問-->
|
||
<rule name="SiteRule1" stopProcessing="true">
|
||
<match url="^sites/(.*)" />
|
||
<action type="AbortRequest" />
|
||
</rule>
|
||
<!--upload資料夾裡拒絕訪問程式頁-->
|
||
<rule name="RequestBlockingRule1" stopProcessing="true">
|
||
<match url="^upload/(.*)\.aspx" />
|
||
<action type="CustomResponse" statusCode="404" />
|
||
</rule>
|
||
<rule name="RequestBlockingRule2" stopProcessing="true">
|
||
<match url="^upload/(.*)\.asp" />
|
||
<action type="CustomResponse" statusCode="404" />
|
||
</rule>
|
||
<rule name="RequestBlockingRule3" stopProcessing="true">
|
||
<match url="^upload/(.*)\.php" />
|
||
<action type="CustomResponse" statusCode="404" />
|
||
</rule>
|
||
<rule name="RequestBlockingRule4" stopProcessing="true">
|
||
<match url="^upload/(.*)\.asmx" />
|
||
<action type="CustomResponse" statusCode="404" />
|
||
</rule>
|
||
<rule name="RequestBlockingRule5" stopProcessing="true">
|
||
<match url="^upload/(.*)\.ashx" />
|
||
<action type="CustomResponse" statusCode="404" />
|
||
</rule>
|
||
<rule name="RequestBlockingRule6" stopProcessing="true">
|
||
<match url="^upload/(.*)\.html" />
|
||
<action type="CustomResponse" statusCode="404" />
|
||
</rule>
|
||
<!--upload資料夾裡拒絕訪問程式頁-->
|
||
</rules>
|
||
</rewrite>
|
||
<handlers>
|
||
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
|
||
<remove name="OPTIONSVerbHandler" />
|
||
<remove name="TRACEVerbHandler" />
|
||
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
|
||
</handlers>
|
||
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
|
||
<staticContent>
|
||
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="777.00:00:00" />
|
||
</staticContent>
|
||
</system.webServer>
|
||
<runtime>
|
||
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
|
||
<dependentAssembly>
|
||
<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
|
||
<bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0" />
|
||
</dependentAssembly>
|
||
<dependentAssembly>
|
||
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
|
||
<bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0" />
|
||
</dependentAssembly>
|
||
<dependentAssembly>
|
||
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
|
||
<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
|
||
</dependentAssembly>
|
||
<dependentAssembly>
|
||
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
|
||
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
|
||
</dependentAssembly>
|
||
<dependentAssembly>
|
||
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
|
||
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
|
||
</dependentAssembly>
|
||
<dependentAssembly>
|
||
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
|
||
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
|
||
</dependentAssembly>
|
||
</assemblyBinding>
|
||
</runtime>
|
||
<entityFramework>
|
||
<providers>
|
||
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
|
||
</providers>
|
||
</entityFramework>
|
||
<system.codedom>
|
||
<compilers>
|
||
<compiler extension=".cs" language="c#;cs;csharp" warningLevel="4" compilerOptions="/langversion:7.3 /nowarn:1659;1699;1701;612;618" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
|
||
<compiler extension=".vb" language="vb;vbs;visualbasic;vbscript" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008,40000,40008 /define:_MYTYPE=\"Web\" /optionInfer+" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=3.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
|
||
</compilers>
|
||
</system.codedom>
|
||
</configuration> |