All requests with /bin in the URL are rejected and return a 404 error
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
This occurs when IIS 6.0 and ASP.NET are both installed. In order to take a more proactive stance against malicious users and attackers, the ASP.NET ISAPI filter, aspnet_filter.dll, blocks incoming request containing /bin in the URL. This behavior occurs server-wide, regardless whether the request is for static or dynamic content.
The preferred solution to this issue is to modify the path to content on the server so that /bin is not necessary in any request.
If the content URL cannot be modified, an alternative solution is to set a registry key that stops the ASP .NET ISAPI filter from filtering requests containing /bin in the URL. This is a server-wide setting.
|Setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ registry key can allow a malicious user access to programs and content in the /bin directory.|
Start Registry Editor and navigate to the
In the details pane, right-click, point to New, and click DWORD Value.
In the Name box, type the following: StopBinFiltering.
Double-click the StopBinFiltering value, and in the Value data box type 1.
Click OK, and then close Registry Editor.
To reenable /bin filtering, set the StopBinFiltering value to 0.