Knowledgebase:
All requests with /bin in the URL are rejected and return a 404 error (IIS 6.0)
Posted by Thomas Elgood, Last modified by rbTech Staff on 18 February 2014 02:30 PM

All requests with /bin in the URL are rejected and return a 404 error (IIS 6.0)

 

This occurs when IIS 6.0 and ASP.NET are both installed. In order to take a more proactive stance against malicious users and attackers, the ASP.NET ISAPI filter, aspnet_filter.dll, blocks incoming request containing /bin in the URL. This behavior occurs server-wide, regardless whether the request is for static or dynamic content.

The preferred solution to this issue is to modify the path to content on the server so that /bin is not necessary in any request.

If the content URL cannot be modified, an alternative solution is to set a registry key that stops the ASP .NET ISAPI filter from filtering requests containing /bin in the URL. This is a server-wide setting.

Procedures

  Important

Setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\ registry key can allow a malicious user access to programs and content in the /bin directory.

To disable /bin filtering

1.

In the details pane, right-click, point to New, and click DWORD Value.

2.

In the Name box, type the following: StopBinFiltering.

3.

Double-click the StopBinFiltering value, and in the Value data box type 1.

4.

Click OK, and then close Registry Editor.

5.

To reenable /bin filtering, set the StopBinFiltering value to 0.

(4 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).