The production web-site must filter unlisted file extensions in URL requests. V-26046

Progress® Telerik® UI for ASP.NET AJAX Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Completed

Last Updated: 22 Jul 2016 10:30 by ADMIN

John

Created on: 03 Jan 2013 22:22

Category: UI for ASP.NET AJAX

Type: Bug Report

The production web-site must filter unlisted file extensions in URL requests. V-26046

Per DISA security hardening requirements, unlisted file extensions should be filtered in URL requests as seen in the following DISA STIG: http://www.stigviewer.com/check/V-26046

To do this, the Telerik UI for ASP.NET AJAX must publish extensions that are used in the libraries.  Without the extensions being published, it is not possible to implement this hardening requirement since the application will not function properly due to the unknown extensions being blocked.  Please publish the library extensions being used so that the hardening setting to filter unlisted file extensions can be turned on.  If this cannot be done, please identify the reasoning so that a deviation from the hardening requirement can be approved by the security team.

1 comment

ADMIN

Rumen

Posted on: 22 Jul 2016 10:29

We do not have any extensions different from the ones of .NET and ASP.NET.  That's why we do not offer a list with the extensions since it is not needed. The most frequently used ones are *.axd, *.html, *.png, *.js, *.css.

Create an account Log In

View

Type

Status