- On the taskbar, click Start, point to Settings, and then click Control Panel.
- Double-click to open the Administrative Tools folder and then double-click to run Internet Services Manager.
- Right-click the virtual server or the virtual folder that contains your ASP.NET application and then click
- Select the Home Directory or the Directory tab. If an application has not been created for the virtual folder, click Create under Application Settings.
- Under Application Settings, click
- To identify the location of the Aspnet_isapi.dll file that handles the ASP.NET requests, select the .aspx application mapping and then click Edit.
- The Add/Edit Application Extension Mapping dialog box appears. Select the text in the Executable field and then press CTRL+C to copy the text to your Clipboard.
- Click Cancel to return to the Application Configuration dialog box.
- Now, add application mappings for each extension that you want ASP.NET to block. To do this, click Add. Then, in the Executable field, press CTRL+V to paste the path of your Aspnet_isapi.dll file.
- In the Verbs section, select the All Verbs option. Verify that the Script Engine check box is selected and that the Check If File Exists check box is not selected.
- Click OK.
- Repeat this procedure for every file name extension that you want to have processed by ASP.NET.
- Open the Web.config file in a text editor such as Notepad. The Web.config file is located in the root directory of your Web application.
- In the Web.config file, add the <httpHandlers> configuration element under the <system.web> element.
Note: Do not copy the <httpHandlers> element from the Machine.config file. The <httpHandlers> element in Web.config permits you to add additional file types without completely overriding the Machine.config settings.
- In the <httpHandlers> element, use <add> sub tags to specify additional file types that you want blocked. Set the verb attribute equal to "*". When you do this, you specify that all types of HTTP requests are blocked. Define the path attribute as a wildcard character that matches the types of files you want to block. For example, you may specify "*.mdb". Finally, set the type attribute to "System.Web.HttpForbiddenHandler". The code sample that follows shows how to configure the <httpHandlers> section in the Web.config file:
<httpHandlers>
    <add verb="*" path="*.mdb" type="System.Web.HttpForbiddenHandler" />
    <add verb="*" path="*.csv" type="System.Web.HttpForbiddenHandler" />
    <add verb="*" path="*.private" type="System.Web.HttpForbiddenHandler" />
</httpHandlers>
- Save the Web.config file. The ASP.NET application automatically restarts.
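To check the result of the procedure above, the following added example (not part of the original article) parses a Web.config and reports which file names are covered by a System.Web.HttpForbiddenHandler mapping for all verbs. The function names and the sample configuration are assumptions made for this sketch, and it does not check the IIS application mappings from the earlier steps.

```python
import fnmatch
import xml.etree.ElementTree as ET

FORBIDDEN = "System.Web.HttpForbiddenHandler"

# Constructed sample Web.config. The *.csv entry deliberately uses verb="GET"
# instead of "*" to show a mapping that does not block every request type.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <httpHandlers>
      <add verb="*" path="*.mdb" type="System.Web.HttpForbiddenHandler" />
      <add verb="GET" path="*.csv" type="System.Web.HttpForbiddenHandler" />
      <add verb="*" path="*.private" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
  </system.web>
</configuration>"""

def blocked_patterns(web_config_xml):
    """Return (fully_blocked, partially_blocked) lists of path patterns."""
    root = ET.fromstring(web_config_xml)
    full, partial = [], []
    for add in root.findall("system.web/httpHandlers/add"):
        # type may be "Class" or "Class, Assembly"; compare the class name only
        handler = add.get("type", "").split(",")[0].strip()
        if handler != FORBIDDEN:
            continue
        pattern = add.get("path", "").lower()
        verbs = {v.strip() for v in add.get("verb", "").split(",")}
        (full if "*" in verbs else partial).append(pattern)
    return full, partial

def audit(file_names, web_config_xml):
    """Classify each file name as 'blocked', 'partial' or 'exposed'."""
    full, partial = blocked_patterns(web_config_xml)
    report = {}
    for name in file_names:
        lower = name.lower()  # Windows file names are case-insensitive
        if any(fnmatch.fnmatchcase(lower, p) for p in full):
            report[name] = "blocked"
        elif any(fnmatch.fnmatchcase(lower, p) for p in partial):
            report[name] = "partial"
        else:
            report[name] = "exposed"
    return report

if __name__ == "__main__":
    files = ["Orders.MDB", "export.csv", "keys.private", "backup.bak"]
    for name, status in audit(files, SAMPLE_WEB_CONFIG).items():
        print(f"{status:8} {name}")
```

Run it against the file names found in the application directory; anything reported as "partial" or "exposed" still needs an <add> entry with verb="*".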
Article ID: 815152 - Last Review: Mar 24, 2009 - Revision: 1