Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

Static files that have the hidden attribute set may return an HTTP 404 or an Access Denied error when browsed, while dynamic files can still be browsed.

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 216803 - Last Review: July 7, 2008 - Revision: 4.1

IIS Hidden Static Files Return HTTP 404 or Access Denied Errors

View products that this article applies to.
This article was previously published under Q216803
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)

SYMPTOMS

Static files that have the hidden attribute set may return an HTTP 404 or an Access Denied error when browsed, while dynamic files can still be browsed.
Back to the top

CAUSE

This behavior is by design.
Back to the top

RESOLUTION

Configuring access control for all Web files should always be implemented through NTFS permissions.
Back to the top

MORE INFORMATION

Dynamic files such as Active Server Pages (ASP) or Server-Side Includes (SSI) are implemented through script-mapped ISAPI extensions, in this case the Asp.dll and Ssiinc.dll files respectively. These extensions preprocess the executable code in the files being requested and can therefore read hidden files and return the expected HTML output to a client. Direct Web browsing of hidden static files results in a "File not Found" or an "Access Denied" error message.
Back to the top
APPLIES TO
  • Microsoft Internet Information Server 3.0
  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Services 6.0
  • Microsoft Internet Information Services 7.0
Back to the top
Keywords: 
kbhttp404 kbprod2web KB216803
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting