I am running a classic ASP website where my online users can attach files to the internal message system. But whenever they upload an attachment with more then 3 characters in the file extension, the server gives me a 404.
Files like mypicture.jpg works fine, but files like mydocument.docx doesn't work?
Any suggestions?
IIS6 will only serve documents where the file extension is mapped to a mime type in the mime map property for the server or the site. In order to serve the more recent Office 2007 document types you will need to add extra mappings.
There are a number of places where you can find a list of these new mime types.
This is a simple one; from Office 2007 mime types for IIS:
.docm,application/vnd.ms-word.document.macroEnabled.12
.docx,application/vnd.openxmlformats-officedocument.wordprocessingml.document
.dotm,application/vnd.ms-word.template.macroEnabled.12
.dotx,application/vnd.openxmlformats-officedocument.wordprocessingml.template
.potm,application/vnd.ms-powerpoint.template.macroEnabled.12
.potx,application/vnd.openxmlformats-officedocument.presentationml.template
.ppam,application/vnd.ms-powerpoint.addin.macroEnabled.12
.ppsm,application/vnd.ms-powerpoint.slideshow.macroEnabled.12
.ppsx,application/vnd.openxmlformats-officedocument.presentationml.slideshow
.pptm,application/vnd.ms-powerpoint.presentation.macroEnabled.12
.pptx,application/vnd.openxmlformats-officedocument.presentationml.presentation
.xlam,application/vnd.ms-excel.addin.macroEnabled.12
.xlsb,application/vnd.ms-excel.sheet.binary.macroEnabled.12
.xlsm,application/vnd.ms-excel.sheet.macroEnabled.12
.xlsx,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
.xltm,application/vnd.ms-excel.template.macroEnabled.12
.xltx,application/vnd.openxmlformats-officedocument.spreadsheetml.template
Adding all mime-types to IIS in one step is very simple:
The easiest way to do this is stopping IIS and editing the metabase
XML file (C:\WINDOWS\system32\inetsrv\MetaBase.xml) using a text
editor. Search for the <IIsMimeMap Location="/LM/MimeMap" /> element
and append the lines above to the MimeMap attribute
The server probably has no mime-type defined for docx and such file extensions.
Related
Hi All I am getting below error, There is no publishing error. and also checked by deploying a MVC core 2.1 application which is generated by VS 2017 and the application also contains the font file. In that it does not produce any error and runs fine. But the project its giving below exception and the details are...
The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.
Most likely causes:
It is possible that a handler mapping is missing. By default, the static file handler processes all content.
The feature you are trying to use may not be installed.
The appropriate MIME map is not enabled for the Web site or application. (Warning: Do not create a MIME map for content that users should not download, such as .ASPX pages or .config files.)
If ASP.NET is not installed.
Things you can try:
In system.webServer/handlers:
Ensure that the expected handler for the current page is mapped.
Pay extra attention to preconditions (for example, runtimeVersion, pipelineMode, bitness) and compare them to the settings for your application pool.
Pay extra attention to typographical errors in the expected handler line.
Please verify that the feature you are trying to use is installed.
Verify that the MIME map is enabled or add the MIME map for the Web site using the command-line tool appcmd.exe.
To set a MIME type, use the following syntax: %SystemRoot%\windows\system32\inetsrv\appcmd set config /section:staticContent /+[fileExtension='string',mimeType='string']
The variable fileExtension string is the file name extension and the variable mimeType string is the file type description.
For example, to add a MIME map for a file which has the extension ".xyz": appcmd set config /section:staticContent /+[fileExtension='.xyz',mimeType='text/plain']
Warning: Ensure that this MIME mapping is needed for your Web server before adding it to the list. Configuration files such as .CONFIG or dynamic scripting pages such as .ASP or .ASPX, should not be downloaded directly and should always be processed through a handler. Other files such as database files or those used to store configuration, like .XML or .MDF, are sometimes used to store configuration information. Determine if clients can download these file types before enabling them.
Install ASP.NET.
Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.
Detailed Error Information:
Module StaticFileModule
Notification ExecuteRequestHandler
Handler StaticFile
Error Code 0x80070032
Requested URL https://~1GpsLearning:80/Content/fonts/glyphicons-halflings-regular.woff
Physical Path D:\Program Files (x86)\SiteExtensions\Kudu\79.20129.3767\Content\fonts\glyphicons-halflings-regular.woff
Logon Method Anonymous
Logon User Anonymous
It was the issue of up-gradation from 2.0 to 2.1, SO I created a fresh application in 2.1 core and just implemented my other code as it is and every thing worked fine and is running on azure very smoothly.
I want the users of my webapp to be able to click an href link leading directly to the content of .csv files located on the IIS server, just as if it was a .txt file. I don't want the browser to open the download file dialog which obviously forces the users to download the file in order to see it quickly and that's not what I want.
In a nutshell, (how) can we force the browsers to display csv files as text/plain without having the hand on the http requests (href link) ? Is it possible in IIS 7 ?
Thanks a lot.
I made a Website using Web Matrix.
I added that site to IIS web server under websites in Windows 8.
I added MIME Type for .cshtml file as text/html in IIS web server?
Razor code is not getting executed and getting rendered as plain text in browser.
Am I getting error because of wrong MIME type ?
How should I resolve this ?
Yes, that's exactly why it's not showing correctly. The MIME type shouldn't be added, that comes directly from the Handler Mappings section, so just delete the MIME type you added and it should work fine.
HI
I have the following (apparently simple) problem: I have to install a simple website, made by someone else, on a web hosting account. The site consists of lot and lot of HTML pages, no dynamic content, created some in MS Word and saved as html, some in frontpage, etc. A mixed bag.
I uploaded initially on a test account on my server (Win Server 2003) and it works ok.
Then I uploaded on the real web hosting (fedora / apache).
When I loaded the site in browser I see lot of odd craracters (instead of diacritics, used in html pages). Duacritics were saved as escape code, like & #350; for Ș (using codepage 1252).
The problem is, when I load the page from my own test server, the browser select automatically correct codepage (1252).
But when I load the site from public host, the same bowser loads the page using utf-8 encoding, rendering page with odd caracrets.
The test site on my server can be seen at http://radu-stanian.dnsalias.com and on public server at http://radustanian.scoli.edu.ro/
This happens no matter what browser I use (IE, ff or chrome)
What should I do to force browsers to load the pages in correct codepage?
Making changes to every page is not an option, because there are hundreds of pages, created by various peoples which could edit them further for update
Thank you
I did a quick google search and this is what I came up with:
http://www.w3.org/International/questions/qa-htaccess-charset
I've never messed with the .htaccess files with this scenario, but from what I read up it seems like you can force a certain character codepage mode based on file extension, which is what you need.
I'm not sure if it works, but hopefully it does :)
Most web servers allow you to edit HTTP headers. One of them can specify the exact codepage for a browser to use.
For example:
Content-Type: text/html; charset=ISO-8859-4
I have a folder in my web server used for the users to upload photos using an ASP page.
Is it safe enough to give IUSR write permissions to the folder? Must I secure something else?
I am afraid of hackers bypassing the ASP page and uploading content directly to the folder.
I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP.
Edit: Changing the question for clarity and changing my answers as comments.
also, I would recommend not to let the users upload into a folder that's accessible from the web. Even the best MIME type detection may fail and you absolutely don't want users to upload, say, an executable disguised as a jpeg in a case where your MIME sniffing fails, but the one in IIS works correctly.
In the PHP world it's even worse, because an attacker could upload a malicious PHP script and later access it via the webserver.
Always, always store the uploaded files in a directory somewhere outside the document root and access them via some accessing-script which does additional sanitizing (and at least explicitly sets a image/whatever MIME type.
How will the user upload the photos? If you are writing an ASP page to accept the uploaded files then only the user that IIS runs as will need write permission to the folder, since IIS will be doing the file I/O. Your ASP page should check the file size and have some form of authentication to prevent hackers from filling your hard drive.
If you are setting up an FTP server or some other file transfer method, then the answer will be specific to the method you choose.
You'll have to grant write permissions, but you can check the file's mime type to ensure an image. You can use FSO as so:
set fs=Server.CreateObject("Scripting.FileSystemObject")
set f=fs.GetFile("upload.jpg")
'image mime types or image/jpeg or image/gif, so just check to see if "image" is instr
if instr(f.type, "image") = 0 then
f.delete
end if
set f=nothing
set fs=nothing
Also, most upload COM objects have a type property that you could check against before writing the file.
Your best bang for the buck would probably be to use an upload component (I've used ASPUpload) that allows you to upload/download files from a folder that isn't accessible from the website.
You'll get some authentication hooks and won't have to worry about someone casually browsing the folder and downloading the files (or uploading in your case), since the files are only available through the component.