All requests with /bin in the URL are rejected and return a 404 error

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

This occurs when IIS 6.0 and ASP.NET are both installed. In order to take a more proactive stance against malicious users and attackers, the ASP.NET ISAPI filter, aspnet_filter.dll, blocks incoming request containing /bin in the URL. This behavior occurs server-wide, regardless whether the request is for static or dynamic content.

The preferred solution to this issue is to modify the path to content on the server so that /bin is not necessary in any request.

If the content URL cannot be modified, an alternative solution is to set a registry key that stops the ASP .NET ISAPI filter from filtering requests containing /bin in the URL. This is a server-wide setting.

Procedures

To disable /bin filtering

1. Start Registry Editor and navigate to the
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ key.

2. In the details pane, right-click, point to New, and click DWORD Value.

3. In the Name box, type the following: StopBinFiltering.

4. Double-click the StopBinFiltering value, and in the Value data box type 1.

5. Click OK, and then close Registry Editor.

6. To reenable /bin filtering, set the StopBinFiltering value to 0.