Dynamic or Static Content Errors in IIS 6.0 : All requests with /bin in the URL are rejected and return a 404 error .: Error DataBase-One Place all Solutions

Dynamic or Static Content Errors in IIS 6.0 : All requests with /bin in the URL are rejected and return a 404 error

This occurs when IIS 6.0 and ASP.NET are both installed. In order to take a more proactive stance against malicious users and attackers, the ASP.NET ISAPI filter, aspnet_filter.dll, blocks incoming request containing /bin in the URL. This behavior occurs server-wide, regardless whether the request is for static or dynamic content.

The preferred solution to this issue is to modify the path to content on the server so that /bin is not necessary in any request.

If the content URL cannot be modified, an alternative solution is to set a registry key that stops the ASP .NET ISAPI filter from filtering requests containing /bin in the URL. This is a server-wide setting.

Procedures

Important:

Setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ registry key can allow a malicious user access to programs and content in the /bin directory.

To disable /bin filtering

1.	Start Registry Editor and navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ key.
2.	In the details pane, right-click, point to New, and click DWORD Value.
3.	In the Name box, type the following: StopBinFiltering.
4.	Double-click the StopBinFiltering value, and in the Value data box type 1.
5.	Click OK, and then close Registry Editor.
6.	To reenable /bin filtering, set the StopBinFiltering value to 0.

Article	1164
Created	2-20-2008
Author	Lucki
Rating	(None)