IIS Hidden Static Files Return HTTP 404 or Access Denied Errors (216803)
The information in this article applies to:
- Microsoft Internet Information Server 3.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services version 6.0
This article was previously published under Q216803 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMS Static files that have the hidden attribute set may return
an HTTP 404 or an Access Denied error when browsed, while dynamic files can
still be browsed. CAUSE This behavior is by design. RESOLUTION Configuring access control for all Web files should always
be implemented through NTFS permissions. MORE INFORMATION Dynamic files such as Active Server Pages (ASP) or
Server-Side Includes (SSI) are implemented through script-mapped ISAPI
extensions, in this case the Asp.dll and Ssiinc.dll files respectively. These
extensions preprocess the executable code in the files being requested and can
therefore read hidden files and return the expected HTML output to a client.
Direct Web browsing of hidden static files results in a "File not Found" or an
"Access Denied" error message.
| Modification Type: | Minor | Last Reviewed: | 6/23/2005 |
|---|
| Keywords: | kbhttp404 kbProd2Web KB216803 |
|---|
|