tags:

views:

66

answers:

2
+5  Q: 

IIS cannot serve pages ending with .config

This is obviously a security issue and probably do not want to change this, but it would be nice to handle the error. Any ideas?

I see that stackoverflow is not immune:

http://stackoverflow.com/questions/tagged/web.config

They seem to have changed the tag to web-config to fix the problem but you still get a very nasty error message when you search for [web.config]

+1  A: 

In IIS 7, this can be found under Request Filtering. Other extensions that are filtered by default include:

  • .asax
  • .ascx
  • .master
  • .cs
  • .csproj

etc.

It's not a bug BTW, because the request gets filtered before ASP.NET gets a chance to process it. In other words, you could remove the request filter and have IIS process the extension if you want to, but make sure the extension is handled by ASP.NET and not the static file handler.

Edit: Maybe the answer for SO would be to change it so that when tags have a .XXX extension like web.config, they change to web-config or something else that IIS doesn't filter. This probably also would be a good topic on http://meta.stackoverflow.com/

Keltex  2010-06-07 12:54:37
Although there is no error for e.g. .cs but for .config on SO.
0xA3  2010-06-07 12:56:18
@0xA3 - If you enter a url like this: http://stackoverflow.com/questions/tagged/web.cs (or with any of the above extension) you get the same error. It just so happens that web.config is a popular tag.
Keltex  2010-06-07 12:58:20
I actually don't get the same error. For .cs and .vb I simply get a blank page, for .config I get an XML parse error.
0xA3  2010-06-07 13:01:00
+1  A: 

I believe this has been addressed in ASP.NET 4 with the addition of a new web.config setting

<configuration>
  <system.web>
    <httpRuntime relaxedUrlToFileSystemMapping="true"/>
  </system.web>
</configuration>

Phil Haack has more details.

David G  2010-06-07 13:54:06
Very useful. Thanks.
zaph0d  2010-06-07 14:02:57
Actually this won't work. Per the article, "Please note, that you still can’t request /web.config because that would try to request web.config in the root of your web application and ASP.NET won’t allow that for good reason!"
Keltex  2010-06-07 14:13:50
@Keltex correct, as stated in the article, it wont work for the root web.config file for obvious reasons but it will work for URLs containing 'web.config' that match a route such as the question's example http://stackoverflow.com/questions/tagged/web.config
David G  2010-06-07 14:54:13

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?