|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
404 errors on downloading filesWe have many different files on our server ".dat", ".exe", ".template"
plus other custom file extensions. All these files on IIS6 (Windows 2003) seem to give a 404 when trying to download them. We have the folder set to "None" execute permissions and it is set for "Read" permissions. Is it true that we *have* to add a mime-type for every file extension we wish to allow to download? Surely it cant be true, that would be a nightmare to configure on every folder on every site on every server (we have ordered 3) ... and for absolutely no benefit whatsoever? Please can somone confirm or correct me. Thanks Yes, you need to define mime types.
IIS 6.0 does not serve unknown MIME types http://support.microsoft.com/?id=326965 -- Show quoteHide quoteRegards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ "Coderanger" <d***@coderanger.com> wrote in message news:1152811932.217616.204600@i42g2000cwa.googlegroups.com... > We have many different files on our server ".dat", ".exe", ".template" > plus other custom file extensions. > > All these files on IIS6 (Windows 2003) seem to give a 404 when trying > to download them. > > We have the folder set to "None" execute permissions and it is set for > "Read" permissions. > > Is it true that we *have* to add a mime-type for every file extension > we wish to allow to download? > > Surely it cant be true, that would be a nightmare to configure on every > folder on every site on every server (we have ordered 3) ... and for > absolutely no benefit whatsoever? > > Please can somone confirm or correct me. Thanks > Hi Coderanger,
I just want to address your "and for no benefit" comment. There definitely is a benefit. This feature was added to IIS 6 to improve security. Specifically, this is a defense against unintentionally serving out script source files. Consider the scenario where you install some script processor. For illustration, I'll use ASP.NET, but the same thing applies to anything that uses script mappings. Let's say you've got ASP.NET and create some content. The script mechanism works by assigning requests with ".aspx" file extensions to aspnet_isapi.dll. Now, for some reason, you decide to uninstall ASP.NET. This will remove aspnet_isapi.dll and the script mapping, but will not delete user created files. At this point, you've potentially got .aspx files in your content directories. If IIS served files for which there is no MIME mapping, those .aspx files would just be returned raw to any requests for them. Since IIS 6 does not server static files with no MIME mapping, this will not happen. If you don't need this extra level of security, then you can just follow the steps in the article that Bernard posted below and you will get the IIS 5 behavior. Thank you, -Wade A. Hilmo, -Microsoft Show quoteHide quote "Bernard Cheah [MVP]" <qbern***@hotmail.com.discuss> wrote in message news:Ov8HGNwpGHA.4760@TK2MSFTNGP05.phx.gbl... > Yes, you need to define mime types. > IIS 6.0 does not serve unknown MIME types > http://support.microsoft.com/?id=326965 > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://www.iis-resources.com/ > http://msmvps.com/blogs/bernard/ > > > "Coderanger" <d***@coderanger.com> wrote in message > news:1152811932.217616.204600@i42g2000cwa.googlegroups.com... > > We have many different files on our server ".dat", ".exe", ".template" > > plus other custom file extensions. > > > > All these files on IIS6 (Windows 2003) seem to give a 404 when trying > > to download them. > > > > We have the folder set to "None" execute permissions and it is set for > > "Read" permissions. > > > > Is it true that we *have* to add a mime-type for every file extension > > we wish to allow to download? > > > > Surely it cant be true, that would be a nightmare to configure on every > > folder on every site on every server (we have ordered 3) ... and for > > absolutely no benefit whatsoever? > > > > Please can somone confirm or correct me. Thanks > > > > Coderanger wrote on 13 Jul 2006 10:32:12 -0700:
Show quoteHide quote > We have many different files on our server ".dat", ".exe", ".template" You do need to add the MIME type, but it's a global setting. You only need > plus other custom file extensions. > > All these files on IIS6 (Windows 2003) seem to give a 404 when trying > to download them. > > We have the folder set to "None" execute permissions and it is set for > "Read" permissions. > > Is it true that we *have* to add a mime-type for every file extension > we wish to allow to download? > > Surely it cant be true, that would be a nightmare to configure on every > folder on every site on every server (we have ordered 3) ... and for > absolutely no benefit whatsoever? > > Please can somone confirm or correct me. Thanks to define each type once. Or you could follow the instructions in the link posted by Bernard and add the wildcard mapping to enable all file extensions. Dan 
Other interesting topics
Supressing Public ASP Error Codes
AD & ADAM together in harmony IIS passing server credentials rather than user credentials Getting Ip address of the actual client Flaw in default permissions Web Server Type Secure SFTP Server Basic Authentication for only one special user Credentials not passed on when using ASP.NET Exception from HRESULT: 0x800A0046 |
|||||||||||||||||||||||
