How to Restrict File Types downloaded through file.axd and image.axd?

Topics: Business Logic Layer
May 13 at 1:37 PM
We just went through external penetration testing for one of our clients who has a BE 3.1 blog. The security team was able to download any file in the entire web application through file.axd and image.axd, including all the XML settings files in the App_Data directory. How can we prevent this?

Thanks,

Scott
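
One way a download handler can refuse the requests described above, as an added example that is not part of the original post and is not BlogEngine.NET's own code: resolve the requested name against a single allowed folder, reject anything that canonicalises outside it, and allow-list the extensions. The class name `DownloadGuard`, the root folder and the extension list are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

static class DownloadGuard // hypothetical helper, not a BlogEngine.NET type
{
    // Assumed allow-list; trim it to the file types the blog really serves.
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".jpeg", ".png", ".gif", ".pdf" };

    // True only when 'requested' resolves to an allowed file type inside 'root'.
    public static bool TryResolve(string root, string requested, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrWhiteSpace(requested)) return false;
        try
        {
            // Canonical root with a trailing separator, so "files" cannot
            // prefix-match a sibling directory such as "files-old".
            string rootFull = Path.GetFullPath(root)
                .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                + Path.DirectorySeparatorChar;

            // Treat the request as relative, then canonicalise so that ".."
            // segments are collapsed before the containment check.
            string candidate = Path.GetFullPath(
                Path.Combine(rootFull, requested.TrimStart('/', '\\')));

            if (!candidate.StartsWith(rootFull, StringComparison.OrdinalIgnoreCase)) return false;
            if (!Allowed.Contains(Path.GetExtension(candidate))) return false;

            fullPath = candidate;
            return true;
        }
        catch (Exception) { return false; } // malformed or unsupported path
    }

    static void Main()
    {
        // Constructed sample root and requests, for demonstration only.
        string root = Path.Combine(Path.GetTempPath(), "App_Data", "files");
        string[] requests = { "2015/05/photo.png", "../settings.xml", "..\\..\\Web.config", "notes.xml" };
        foreach (string req in requests)
        {
            string resolved;
            Console.WriteLine("{0,-20} -> {1}", req, TryResolve(root, req, out resolved) ? "serve" : "reject");
        }
    }
}
```

A handler would call `TryResolve` before opening the file and return a 404 when it yields false, so settings files are never distinguishable from missing ones.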