Error 404 on /bin browsing

2

6

I run IIS 7.5 on Windows Server 2008 R2.
I'm getting a 404: file not found error when I browse the "/bin" folder. I understand that this is a security policy by Microsoft.

I tried doing what is written in here but it didn't solve the issue. Any ideas?

EDIT:
It should be noted that I have no security issues. I run the IIS for directory browsing in a private network. Eventually I need to perform crawling and indexing on it. The problem is that pages under "/bin" and "/AppConfig" are not being crawled because of the 404 error.

I just need a solution for this issue. Again, no security issues are relevant here.

Disarm answered 4/7, 2012 at 7:37 Comment(12)
IIS 6 on Windows 2008 R2 is not possible. W2008 R2 is shipped with IIS 7.5. In all cases, browsing to bin is unsafe. Why would you do that? - Jule
Make an aspx page that reads and shows this bin securely and only to logged-in users... - Agulhas
Steve, you're right, my mistake. - Disarm
@user1251654: so the link you provided is no longer valid as it points to a W2K3 KB. - Jule
Aristos, I didn't understand your solution. Can't I change some configuration to allow directory browsing to these folders? - Disarm
Steve, yes I know. I didn't find any other solution for IIS 7.5 so I tried what is written in the link. - Disarm
See an example of what I mean: codeproject.com/Articles/301328/… - Agulhas
It is better for Bin to stay as it is, to avoid getting any virus or intruder. - Agulhas
@user1251654: please explain your requirement. We may find a solution to allow browsing BIN, but it's not a good practice. There may be another way to reach your goal. - Jule
OK, I edited my question with a clarification - no security issues. I only need a solution that will allow browsing on all the blocked directories. - Disarm
@user1251654: this is not a requirement. What you are asking here is how to solve a technical problem, not what is your real goal (the business requirement probably). What I'm asking is that you describe your goal. Why would you have to browse the bin directory? - Jule
As I said - I crawl and index the filesystem. I need to do this via HTTP and not via a filesystem protocol because of other reasons. Consider it as a base assumption. Assume the only access I have to a filesystem which I need to crawl and index is via this directory browsing. /bin is one of the folders in the filesystem and thus I need to access it and index it. - Disarm
12

Bin folder is not intended as a place where a developer should put web pages.

In IIS 7.5 you can configure

  1. Open Internet Information Services (IIS) Manager
  2. In the Connections pane, go to the connection, site, application, or directory for which you want to modify your request filtering settings.
  3. In the Home pane, double-click Request Filtering.
  4. In the Request Filtering pane, click the Hidden Segments tab
  5. Select the relative path that you want to show (BIN folder), and then click Remove in the Actions pane.

The same can be done via web.config

<configuration>
  <system.webServer>
   <security>
     <requestFiltering>
        <hiddenSegments applyToWebDAV="false">
           <remove segment="Bin" />
        </hiddenSegments>
     </requestFiltering>
   </security>
  </system.webServer>
</configuration>

Anyway, in order to avoid problems on the development server and on any deployment server, I think that the easiest solution is to move those pages to another folder.


Read here:

ASP.NET recognizes certain folder names that you can use   
for specific types of content.  
The following table lists the reserved folder names and the type   
of files that the folders typically contain.

Note
The content of application folders, except for the App_Themes folder,
is not served in response to Web requests,
but it can be accessed from application code.
  • App_Browsers Contains browser definitions (.browser files) that ASP.NET uses to identify individual browsers and determine their capabilities.
  • App_Code Contains source code for shared classes and business objects
  • App_Data Contains application data files including .mdf database files, XML files, and other data store files.
  • App_GlobalResources Contains resources (.resx and .resources files) that are compiled into assemblies with global scope.
  • App_LocalResources Contains resources (.resx and .resources files) that are associated with a specific page, user control, or master page in an application
  • App_Themes Contains a collection of files (.skin and .css files, as well as image files and generic resources) that define the appearance of ASP.NET Web pages and controls.
  • App_WebReferences Contains reference contract files (.wsdl files), schemas (.xsd files), and discovery document files (.disco and .discomap files) that let you create a Web reference for use in an application.
  • Bin Contains compiled assemblies (.dll files) for controls, components, or other code that you want to reference in your application.
Glasper answered 4/7, 2012 at 10:30 Comment(4)
We are hosting WordPress sites on IIS and plugins and themes like to use a bin folder for images and other assets, which broke styling and logo. We removed bin from the list of folders for that specific site and it worked great. Windows 2012, IIS 8. - Benighted
@Benighted yes, you can do it and it works, but the Bin folder isn't intended for this purpose. That's why this folder is protected by default. Now some private content can be served to users. - Glasper
Yes, I am fully aware of that. That's why I enabled the bin folder for that website only. A lot of PHP-based applications tend to make use of the bin folder in this fashion, even though they're not really supposed to (on *nix servers it doesn't matter). - Benighted
Also, I should point out that the web application in IIS is only hosting a WordPress site. There's no ASP.NET application or anything and no bin folder in the website root. It's nested in like site.com/wp-content/themes/theme/bin/ and in this instance this solution should be perfectly acceptable. - Benighted
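
Added example (not code from any of the posters): a Python check that reads a web.config and reports which protected segments its hiddenSegments edits expose, and at which scope (site-wide or a single location path). The protected names come from the reserved-folder list quoted in the answer; both sample configs and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Reserved folders from the list quoted above; App_Themes is left out because it is served.
PROTECTED = {"bin", "app_browsers", "app_code", "app_data",
             "app_globalresources", "app_localresources", "app_webreferences"}
HS_PATH = "system.webServer/security/requestFiltering/hiddenSegments"

def unhidden_segments(web_config_xml):
    """Return sorted (scope, segment) pairs for protected segments a web.config exposes."""
    root = ET.fromstring(web_config_xml)
    # The document root applies site-wide; each <location path="..."> applies to that path only.
    scopes = [("/", root)] + [(loc.get("path", ""), loc) for loc in root.findall("location")]
    findings = []
    for scope, node in scopes:
        exposed = set()
        for hs in node.findall(HS_PATH):
            for child in hs:  # collection edits apply in document order
                seg = child.get("segment", "").lower()  # compared case-insensitively here
                if child.tag == "clear":
                    exposed = set(PROTECTED)      # <clear/> drops every inherited entry
                elif child.tag == "remove" and seg in PROTECTED:
                    exposed.add(seg)
                elif child.tag == "add":
                    exposed.discard(seg)          # re-added after a clear/remove
        findings += [(scope, seg) for seg in sorted(exposed)]
    return findings

# Constructed sample: the site-wide edit shown in the answer.
SITE_WIDE = """<configuration><system.webServer><security><requestFiltering>
  <hiddenSegments applyToWebDAV="false"><remove segment="Bin" /></hiddenSegments>
</requestFiltering></security></system.webServer></configuration>"""

# Constructed sample: the same edit limited to one nested path.
SCOPED = """<configuration>
  <location path="wp-content/themes/theme">
    <system.webServer><security><requestFiltering>
      <hiddenSegments><remove segment="bin" /></hiddenSegments>
    </requestFiltering></security></system.webServer>
  </location>
</configuration>"""

if __name__ == "__main__":
    for name, xml in (("site-wide", SITE_WIDE), ("scoped", SCOPED)):
        print(name, unhidden_segments(xml))
```

A finding with scope `/` means the segment is exposed for the whole site or application that owns the file; a finding with a path is limited to that subtree.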
0
  • Access the \bin folder over a network share, e.g. \\myserver\mysite\bin
  • Write an ashx handler or asmx web service which will scan the \bin folder for you and return the result for you, e.g. Directory.GetFiles(Server.MapPath("~/bin"))
Shadrach answered 4/7, 2012 at 8:9 Comment(2)
Are you sure there is no way to disable this security configuration in IIS? - Disarm
@user1251654: I don't know of such a way, Google gave nothing either, and honestly I doubt that such ways even exist. - Shadrach
