What file extensions are blocked by default in IIS


Solution 1

Here's the list I built out of the IIS UI since I couldn't find it anywhere. Hope you find it helpful.

disallowed extensions

.asax
.ascx
.master
.skin
.browser
.sitemap
.config
.cs
.csproj
.vb
.vbproj
.webinfo
.licx
.resx
.resources
.mdb
.vjsproj
.java
.jsl
.ldb
.dsdgm
.ssdgm
.lsad
.ssmap
.cd
.dsprototype
.lsaprototype
.sdm
.sdmDocument
.mdf
.ldf
.ad
.dd
.ldd
.sd
.adprototype
.lddprototype
.exclude
.refresh
.compiled
.msgx
.vsdisco
.rules

Solution 2

If I'm not mistaken, you'll find them in the root web.config of the machine:

%windir%\Microsoft.NET\Framework\framework_version\CONFIG

Which is also where you'll find the machine.config file.

e.g.

<add path="*.ascx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />

REF:

As to how you'd programmatically get to it - I haven't tried. The IIS_IUSRS built-in group has access to it and this doc expands on it.

Hth...
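
An added example, not code from either answer: PowerShell that collects the path patterns mapped to System.Web.HttpForbiddenHandler (the mapping Solution 2 quotes) from layered config XML and reports which expected patterns are no longer blocked. Both XML samples are constructed, the function name Get-ForbiddenPath is hypothetical, and applying add/remove/clear in file order is a simplified model of how the httpHandlers collection is merged.

```powershell
# Constructed stand-in for the root web.config; on a server, read the real file with
# Get-Content -Raw "$env:windir\Microsoft.NET\Framework\<framework_version>\CONFIG\web.config"
$rootConfig = @'
<configuration><system.web><httpHandlers>
  <add path="*.aspx" verb="*" type="System.Web.UI.PageHandlerFactory" validate="True" />
  <add path="*.ascx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />
  <add path="*.config" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />
  <add path="*.cs" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />
</httpHandlers></system.web></configuration>
'@

# Constructed site-level web.config that drops one of the inherited mappings.
$siteConfig = @'
<configuration><system.web><httpHandlers>
  <remove path="*.cs" verb="*" />
</httpHandlers></system.web></configuration>
'@

function Get-ForbiddenPath {
    param([string[]]$ConfigXml)   # config layers, outermost (machine-level) first
    $map = [ordered]@{}           # path pattern -> handler type
    foreach ($layer in $ConfigXml) {
        $doc = [xml]$layer
        # Walk the collection in document order so later directives win.
        foreach ($node in $doc.SelectNodes('//system.web/httpHandlers/*')) {
            switch ($node.LocalName) {
                'clear'  { $map.Clear() }
                'remove' { $map.Remove($node.GetAttribute('path')) }
                'add'    { $map[$node.GetAttribute('path')] = $node.GetAttribute('type') }
            }
        }
    }
    # Keep only patterns still routed to the forbidden handler
    # (wildcard suffix tolerates an assembly-qualified type name).
    $map.GetEnumerator() |
        Where-Object { $_.Value -like 'System.Web.HttpForbiddenHandler*' } |
        ForEach-Object { $_.Key }
}

# Patterns that should stay blocked (taken from the Solution 1 list).
$mustBlock = '*.ascx', '*.config', '*.cs'
$blocked   = @(Get-ForbiddenPath -ConfigXml $rootConfig, $siteConfig)

# Emits every required pattern that the layered config no longer forbids.
$mustBlock | Where-Object { $_ -notin $blocked }
```

This covers only the system.web/httpHandlers mappings; the Request Filtering fileExtensions list the question links to is stored separately and is not read here.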

Author by

Michael Kennedy


Updated on July 30, 2022

Comments

  • Michael Kennedy almost 2 years

    Some files are not served off of IIS because they are typically part of the building blocks of the website itself. For ASP.NET these are files like *.cs, *.dll, *.config, *.cshtml, etc.

    You can find a list of them tied up in the IIS management setting "Filter requests" here:

    Filter requests

    But if you need to programmatically access this list, it seems tough to find. Is there a good list of these default extensions?

    BTW, the IIS website has info on how to enable / disable these globally here:

    http://www.iis.net/configreference/system.webserver/security/requestfiltering/fileextensions

  • Michael Kennedy over 11 years
    Nice. Funny, I looked there. But for some reason searching the file didn't turn it up. I was looking for a fileExtension section (which the IIS doc I referenced talks about). Good to know. I suspect you can access this using ConfigurationManager but I haven't tried that. Thanks.