Getting 404.7 error for “/” root requests after Disabling Allow Unlisted file extension

by jask2002 7. March 2013 12:05

To secure the IIS 7.x one of the recommendation is to change the Request Filtering => FIle Extensions: To Allow only the  known extensions.

For example : Default values in IIS 7.x Request Filtering => File Name Extension on IIS

image

 

Ideally it should be (ONLY needed and known extensions Allowed)

Tip: Instead of deleting Each and every entry manually. You can use <clear /> in web.config . Then add entries from IIS UI

    <system.webServer>
        <security>
            <requestFiltering>
                  <fileExtensions>
                             <clear />
                 </fileExtensions>
            </requestFiltering>
        </security>             

 

image

 

To get the list of extension needed by your application you can parse your website IIS log

C:\Program Files (x86)\Log Parser 2.2>Logparser "SELECT EXTRACT_EXTENSION(cs-uri-stem) As Extension FROM 'ex130309.log' GROUP BY Extension" -o:datagrid -i:W3C

Now we will Uncheck the “Allow unknown File Extensions” in Edit Feature Settings in Request Filtering Action Pane so that IIS should only honor the above listed extensions

 

image

 

Here the actual problem started upon browsing http://localhost/ I got IIS error 404.7 but IF I browse http://locahost/iisstart.htm everything works!

(404.7 means File extension denied by Request Filtering ) Well I’m browsing without extension to the root  “/”. To fix this nuisance

Add an allowed Entry for “.”  Dot without Quotes

image

 

Happy to Securing IIS Smile


PayPal — The safer, easier way to pay online. Has this post helped you? Saved you? If you'd like to show your appreciation. Please buy me a coffee or make a small contribution toward blog's maintenance(to keep it Ads free )

Tags: , ,

IIS 7

Add comment

  Country flag

biuquote
  • Comment
  • Preview
Loading

About me

Hi there,

My name is  Jas and I'm currently working with Microsoft IIS/ASP.Net Escalation services.  Services

 

Tag cloud

Month List

RecentComments

Comment RSS

TextBox

 

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.