Original Bug report: https://blogengine.codeplex.com/workitem/12551
There is a security issue with BlogEngine.NET which allows any one access to files that are usually blocked off.
Once you download the file, open it up in your favorite text editor ;-)
Sorry "rtur" for using you as an example, but luckily you are using XML config, while others like me are using DB connection which when using the above link could expose the connection string.
Quick Fix for non-developers / site owners:
Comment out the following lines in the Web.config (they are listed twice), this will stop images in your blogs until such time as Dev's fix the issue:
<add name="FileHandler" verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
<add name="ImageHandler" verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode" />
A quick search on your preferred search engine will reveal a number of reviews about CloudFlare.
As with any other company, you are bound to find mixed feelings towards CloudFlare, some of them negative and some of them positive, for me it has been all positive as I have never ran in to any problems what so ever while using their awesome service.
CloudFlare currently offers four plans, which depending on your requirements you may choose to use, though from my own experience of using the Free Plan, I have never needed to upgrade due to CloudFlare being very generous with their offerings for all the sites I manage.
CloudFlare currently allows the Free Plan accounts to utilize the following awesomeness:
So go ahead and give CloudFlare a go for Free. https://www.cloudflare.com/plans
Welcome to the LookugA blog!
LookugA (pronounced: Loo-Ku-Ga) is a side alias I have been using for a while. I used this alias to work upon a number of security and development projects.
This blog will be used to publish my articles on open source related items, hardware and software development and of course security.
I am going to publish a new article at least once every two weeks, it could either be a written/video tutorial, a new security discover or just a general topic I would be interested in at that point in time.
Subscribe to any of the LookugA social media channels to stay updated.