IIS 6.0 generating 404.1 error for "bin" sub-directory

Specifically: HTTP Error 404.1 - File or directory not found: Web site not
accessible on the requested port.

The problem is that this occurs on a specific directory: \bin
I can create a parallel directory, for example: \includes, that works just
fine (any other directory name works fine also)
This problem prevents ANY file in the directory from loading client-side,
for example, in a browser:
\includes\AceClubs.gif LOADS FINE
\bin\AceClubs.gif Error 404.1
(note that www.ohmancorp.com + above paths are currently active, to show the
problem)
The problem is not specific to .gif, in fact I need .js files to client-side
load from \bin directory, which right now are not. Example, I need:
\bin\header.js

Of course, any global/server/site specific MIME/ISAPI settings would apply
to all sub-directories, so since these files will load from \includes
directory then \bin should behave identical!

Configuration of server: Windows Server 2003, Standard Edition - Stand-alone
server (Not AD-integrated)
Version 5.2.3790 SP2 - All known updates applied

IIS config: fairly straight-up, in Web Service Extension, I allowed Active
Server Pages.
Server hosts 30 websites over 15 IP's, some sites use Host headers. Note
that this problem is the same between dedicated IP sites and Host-Header'd
sites.

I have EXTENSIVELY compared ALL conceivable properties between the bin and
includes directory: all NTFS permissions, all IIS directory level properties:
all are identical. Both directories are in the same site, so what works with
one directory should work with the other directory. The problem is specific
to the bin directory, in that other directories in addition to the includes
work just fine. In fact, I have renamed the working \includes to \bin and
the Error 404.1 error occurs.

Additionally, this problem is consistent for ALL of the sites on this
server. Therein lies the problem: if it was just one site, I'd just throw
all \bin files into \includes and be done. But all of these websites have
..js files in them, and to re-code all pages that refer to \bin would take a
couple days. Several of the sites interact with databases, which also have
stored data referencing to \bin.

What really get's me: the specific error: ".... on the requested port".
Huh? Port 80 not found? This is a different port than the parallel or
parent directory, huh? I have to believe the error message is mis-leading.
But 9 hours of searching and trying to find troubleshooting guidance have
proved fruitless.

Any assistance in resolving and/or troubleshooting this would be greately
appreciated!!

Thanks in advance...
---Jay R O

Re: IIS 6.0 generating 404.1 error for "bin" sub-directory

IIS6 does not generate 404.1 error responses.

So, your issue definitely comes from some other product running on top
of IIS.

If you are running ASP.Net, it will deny read access to all URLs with /
bin. There's a patch and registry key to control this behavior -
search for it.

The reason it does this is because /bin is not supposed to be web-
accessible for ASP.Net applications. It's the same principle that all
of IIS files are inside of \Windows\System32\inetsrv and IIS uses
files in that directory to handle HTTP requests, but that directory is
not web-accessible for security reasons.

On versions of IIS prior to IIS6, the ASP.Net ISAPI runs inproc of
inetinfo.exe as LocalSystem and can directly change IIS configuration
on AppDomain initialization to disallow read access (you would have
noticed this within the IIS properties between /bin and /include). On
IIS6, ASP.Net ISAPI runs in w3wp.exe as Network Service (defaults)
that cannot change IIS configuration (security reasons), so the "work
around" was to filter out all access to /bin and reject with 404.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Aug 9, 2:02 pm, Jay Ohman
wrote:
> Specifically: HTTP Error 404.1 - File or directory not found: Web site not
> accessible on the requested port.
>
> The problem is that this occurs on a specific directory: \bin
> I can create a parallel directory, for example: \includes, that works just
> fine (any other directory name works fine also)
> This problem prevents ANY file in the directory from loading client-side,
> for example, in a browser:
> \includes\AceClubs.gif LOADS FINE
> \bin\AceClubs.gif Error 404.1
> (note thatwww.ohmancorp.com+ above paths are currently active, to show the
> problem)
> The problem is not specific to .gif, in fact I need .js files to client-side
> load from \bin directory, which right now are not. Example, I need:
> \bin\header.js
>
> Of course, any global/server/site specific MIME/ISAPI settings would apply
> to all sub-directories, so since these files will load from \includes
> directory then \bin should behave identical!
>
> Configuration of server: Windows Server 2003, Standard Edition - Stand-alone
> server (Not AD-integrated)
> Version 5.2.3790 SP2 - All known updates applied
>
> IIS config: fairly straight-up, in Web Service Extension, I allowed Active
> Server Pages.
> Server hosts 30 websites over 15 IP's, some sites use Host headers. Note
> that this problem is the same between dedicated IP sites and Host-Header'd
> sites.
>
> I have EXTENSIVELY compared ALL conceivable properties between the bin and
> includes directory: all NTFS permissions, all IIS directory level properties:
> all are identical. Both directories are in the same site, so what works with
> one directory should work with the other directory. The problem is specific
> to the bin directory, in that other directories in addition to the includes
> work just fine. In fact, I have renamed the working \includes to \bin and
> the Error 404.1 error occurs.
>
> Additionally, this problem is consistent for ALL of the sites on this
> server. Therein lies the problem: if it was just one site, I'd just throw
> all \bin files into \includes and be done. But all of these websites have
> .js files in them, and to re-code all pages that refer to \bin would take a
> couple days. Several of the sites interact with databases, which also have
> stored data referencing to \bin.
>
> What really get's me: the specific error: ".... on the requested port".
> Huh? Port 80 not found? This is a different port than the parallel or
> parent directory, huh? I have to believe the error message is mis-leading.
> But 9 hours of searching and trying to find troubleshooting guidance have
> proved fruitless.
>
> Any assistance in resolving and/or troubleshooting this would be greately
> appreciated!!
>
> Thanks in advance...
> ---Jay R O

Re: IIS 6.0 generating 404.1 error for "bin" sub-directory

David--
Thanks for taking the time to respond. At least I now have some type of
information that indicates this was not a configuration error.

I wish this showed up in the properties between /bin and /include in
IIS 6, I could have saved a ton of time. Or at least some type of warning:
**the IIS service has detected a bin directory in your website, this
directory will now be blocked in 6.0 for security reasons. ** (Sorry, just
venting, I can usually track down these types of errors within a couple
hours).

Please do share where I can find more info on this patch and registry
key. Another wasted hour of searching MS KB/Google/Dogpile yielded nothing
about this behavior. (Even with my most creative searching efforts).

I'd be mildly curious to understand how it is that I have since my original
posting: I have prohibited the Web Service Extension ASP.NET (now only Active
Server Pages is allowed), and yet something is still returning the
404.1 error.

Again, any assistance in resolving and/or troubleshooting this is greatly
appreciated.

--Jay R O

"David Wang" wrote:

> IIS6 does not generate 404.1 error responses.
>
> So, your issue definitely comes from some other product running on top
> of IIS.
>
> If you are running ASP.Net, it will deny read access to all URLs with /
> bin. There's a patch and registry key to control this behavior -
> search for it.
>
> The reason it does this is because /bin is not supposed to be web-
> accessible for ASP.Net applications. It's the same principle that all
> of IIS files are inside of \Windows\System32\inetsrv and IIS uses
> files in that directory to handle HTTP requests, but that directory is
> not web-accessible for security reasons.
>
> On versions of IIS prior to IIS6, the ASP.Net ISAPI runs inproc of
> inetinfo.exe as LocalSystem and can directly change IIS configuration
> on AppDomain initialization to disallow read access (you would have
> noticed this within the IIS properties between /bin and /include). On
> IIS6, ASP.Net ISAPI runs in w3wp.exe as Network Service (defaults)
> that cannot change IIS configuration (security reasons), so the "work
> around" was to filter out all access to /bin and reject with 404.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
> On Aug 9, 2:02 pm, Jay Ohman
> wrote:
> > Specifically: HTTP Error 404.1 - File or directory not found: Web site not
> > accessible on the requested port.
> >
> > The problem is that this occurs on a specific directory: \bin
> > I can create a parallel directory, for example: \includes, that works just
> > fine (any other directory name works fine also)
> > This problem prevents ANY file in the directory from loading client-side,
> > for example, in a browser:
> > \includes\AceClubs.gif LOADS FINE
> > \bin\AceClubs.gif Error 404.1
> > (note thatwww.ohmancorp.com+ above paths are currently active, to show the
> > problem)
> > The problem is not specific to .gif, in fact I need .js files to client-side
> > load from \bin directory, which right now are not. Example, I need:
> > \bin\header.js
> >
> > Of course, any global/server/site specific MIME/ISAPI settings would apply
> > to all sub-directories, so since these files will load from \includes
> > directory then \bin should behave identical!
> >
> > Configuration of server: Windows Server 2003, Standard Edition - Stand-alone
> > server (Not AD-integrated)
> > Version 5.2.3790 SP2 - All known updates applied
> >
> > IIS config: fairly straight-up, in Web Service Extension, I allowed Active
> > Server Pages.
> > Server hosts 30 websites over 15 IP's, some sites use Host headers. Note
> > that this problem is the same between dedicated IP sites and Host-Header'd
> > sites.
> >
> > I have EXTENSIVELY compared ALL conceivable properties between the bin and
> > includes directory: all NTFS permissions, all IIS directory level properties:
> > all are identical. Both directories are in the same site, so what works with
> > one directory should work with the other directory. The problem is specific
> > to the bin directory, in that other directories in addition to the includes
> > work just fine. In fact, I have renamed the working \includes to \bin and
> > the Error 404.1 error occurs.
> >
> > Additionally, this problem is consistent for ALL of the sites on this
> > server. Therein lies the problem: if it was just one site, I'd just throw
> > all \bin files into \includes and be done. But all of these websites have
> > .js files in them, and to re-code all pages that refer to \bin would take a
> > couple days. Several of the sites interact with databases, which also have
> > stored data referencing to \bin.
> >
> > What really get's me: the specific error: ".... on the requested port".
> > Huh? Port 80 not found? This is a different port than the parallel or
> > parent directory, huh? I have to believe the error message is mis-leading.
> > But 9 hours of searching and trying to find troubleshooting guidance have
> > proved fruitless.
> >
> > Any assistance in resolving and/or troubleshooting this would be greately
> > appreciated!!
> >
> > Thanks in advance...
> > ---Jay R O
>
>
>

Re: IIS 6.0 generating 404.1 error for "bin" sub-directory

Wow, I can be stupid persistent.... I just needed to spend another 2 hours
searching (about 12 hours total).
Thanks to David.Wang for leading me to believe there was a solution to be
found.
So for assistance to others that are reading this thread, here are my
findings.

Information regarding this functionality:
An indication that the /bin directory is not served -
Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0
http://msdn.microsoft.com/msdnmag/issues/05/11/SecureWebApps /default.aspx

And a technical article to disable the functionality:
All requests with /bin in the URL are rejected and return a 404 error (IIS
6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer20 03/Library/IIS/54e9382b-743d-495e-a324-b8b57a5214ee.mspx?mfr =true

In case others search like I was,
keywords: /bin, \bin, sub-directory, allow, blocked, IIS 6.0,
StopBinFiltering,
HTTP Error 404 - File or directory not found.,
HTTP Error 404.1 - File or directory not found: Web site not accessible on
the requested port.
--------------------------
Constructive note to Microsoft (and therapeutic venting for 12 hours wasted).
I just verified that my first web site was created August 1996, running from
an Apache server. My use of bin directories go back that far. Of course,
current context of bin under ASP.NET has evolved from my context.

I believe in the philosophy that the best security is to fully understand
the exposure and risks. Understanding this with ASP.NET as compared to ASP
is daunting. It's my humble opinion that serving websites has become overly
complex for many scenarios. So much footprint is just that much more to be
exposed to attacks. And safely reverting to a simpler functionality is also
a daunting proposition. If I remove unused functionality, is there an easy
way to restore as needs arise?

My business focus is small business IT administration, I offer managed
website hosting and design to my small business customers. For most of my
customers, the simpler the better. And simple does not directly correspond
to ameteur or non-attractive. I believe in the philosophy that the best
security is to fully understand the exposure and risks. Perhaps some day my
customers will have need for ASP.NET functionality. But first I'll need to
find a compelling reason to learn just what that functionality is (and a
simple technical reference).

I feel better now.

"David Wang" wrote:

> IIS6 does not generate 404.1 error responses.
>
> So, your issue definitely comes from some other product running on top
> of IIS.
>
> If you are running ASP.Net, it will deny read access to all URLs with /
> bin. There's a patch and registry key to control this behavior -
> search for it.
>
> The reason it does this is because /bin is not supposed to be web-
> accessible for ASP.Net applications. It's the same principle that all
> of IIS files are inside of \Windows\System32\inetsrv and IIS uses
> files in that directory to handle HTTP requests, but that directory is
> not web-accessible for security reasons.
>
> On versions of IIS prior to IIS6, the ASP.Net ISAPI runs inproc of
> inetinfo.exe as LocalSystem and can directly change IIS configuration
> on AppDomain initialization to disallow read access (you would have
> noticed this within the IIS properties between /bin and /include). On
> IIS6, ASP.Net ISAPI runs in w3wp.exe as Network Service (defaults)
> that cannot change IIS configuration (security reasons), so the "work
> around" was to filter out all access to /bin and reject with 404.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
> On Aug 9, 2:02 pm, Jay Ohman
> wrote:
> > Specifically: HTTP Error 404.1 - File or directory not found: Web site not
> > accessible on the requested port.
> >
> > The problem is that this occurs on a specific directory: \bin
> > I can create a parallel directory, for example: \includes, that works just
> > fine (any other directory name works fine also)
> > This problem prevents ANY file in the directory from loading client-side,
> > for example, in a browser:
> > \includes\AceClubs.gif LOADS FINE
> > \bin\AceClubs.gif Error 404.1
> > (note thatwww.ohmancorp.com+ above paths are currently active, to show the
> > problem)
> > The problem is not specific to .gif, in fact I need .js files to client-side
> > load from \bin directory, which right now are not. Example, I need:
> > \bin\header.js
> >
> > Of course, any global/server/site specific MIME/ISAPI settings would apply
> > to all sub-directories, so since these files will load from \includes
> > directory then \bin should behave identical!
> >
> > Configuration of server: Windows Server 2003, Standard Edition - Stand-alone
> > server (Not AD-integrated)
> > Version 5.2.3790 SP2 - All known updates applied
> >
> > IIS config: fairly straight-up, in Web Service Extension, I allowed Active
> > Server Pages.
> > Server hosts 30 websites over 15 IP's, some sites use Host headers. Note
> > that this problem is the same between dedicated IP sites and Host-Header'd
> > sites.
> >
> > I have EXTENSIVELY compared ALL conceivable properties between the bin and
> > includes directory: all NTFS permissions, all IIS directory level properties:
> > all are identical. Both directories are in the same site, so what works with
> > one directory should work with the other directory. The problem is specific
> > to the bin directory, in that other directories in addition to the includes
> > work just fine. In fact, I have renamed the working \includes to \bin and
> > the Error 404.1 error occurs.
> >
> > Additionally, this problem is consistent for ALL of the sites on this
> > server. Therein lies the problem: if it was just one site, I'd just throw
> > all \bin files into \includes and be done. But all of these websites have
> > .js files in them, and to re-code all pages that refer to \bin would take a
> > couple days. Several of the sites interact with databases, which also have
> > stored data referencing to \bin.
> >
> > What really get's me: the specific error: ".... on the requested port".
> > Huh? Port 80 not found? This is a different port than the parallel or
> > parent directory, huh? I have to believe the error message is mis-leading.
> > But 9 hours of searching and trying to find troubleshooting guidance have
> > proved fruitless.
> >
> > Any assistance in resolving and/or troubleshooting this would be greately
> > appreciated!!
> >
> > Thanks in advance...
> > ---Jay R O
>
>
>

Re: IIS 6.0 generating 404.1 error for "bin" sub-directory

Jay wrote on Thu, 9 Aug 2007 22:52:00 -0700:

> Constructive note to Microsoft (and therapeutic venting for 12 hours
> wasted).
> I just verified that my first web site was created August 1996, running
> from an Apache server. My use of bin directories go back that far.
> Of course, current context of bin under ASP.NET has evolved from my
> context.

I've been using bin dirs since late 1994 under the EMWAC server on Windows
NT 3.5 (wow, that takes me back, although our first e-commerce site went
public in Feb 1995 after some months of testing, looking back it was awful).
The "bin" dir back then was always treated as a place to put exectuables
(ie. CGI), not for putting content. When I moved to ASP (originally on
WebSite Pro, but now moved to IIS), which is a scripting technology rather
than CGI, the concept of not putting scripts into "bin" remained - ASP and
other similar scripting technologies were designed to be used from content
dirs, and CGIs remained in their own "bin" (in my case cgi-bin in sites on
WS and IIS) dirs.

Dan