Connect Tech Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Friday, 1 June 2012

Classic ASP parent paths are disabled by default

Posted on 23:44 by Unknown

Classic ASP Parent Paths let developers use relative addresses that contain ".." in the paths to files or folders. For example, the following code excerpt illustrates an ASP page that maps a parent path:
<%
   Response.Write Server.MapPath("../example.asp")
%>
In addition, the following code except illustrates an ASP page that references an included file in a folder that uses a parent path:
<!--#include file="../_fpclass/fpdblib.inc"-->
In several earlier versions of IIS, parent paths were enabled by default. In IIS 6.0 the default behavior changed to disable parent paths, and this was done for security and design reasons: by preventing the execution of parent paths, you are preventing the inclusion of content across security or application boundaries. By default, class ASP script error messages are not sent to the Web browser, and any attempts to use parent paths will return the following error message to a Web browser:
An error occurred on the server when processing the URL. Please contact the system administrator.
If you are the system administrator, please click here to find out more about this error.
(Note: The ASP script error message listed above may be customized. For more information, see the Classic ASP script errors are no longer shown in a Web browser by default topic.)
If you enable sending ASP script error messages and your classic ASP scripts attempt to map a path in a parent folder, you receive the following error message in your Web browser:
Server.MapPath() error 'ASP 0175 : 80004005'
Disallowed Path Characters
/test/example.asp, line 100
The '..' characters are not allowed in the Path parameter for the MapPath method.
When your classic ASP scripts attempt to include a page that uses parent paths in IIS 7.0, you receive the following error message in your Web browser:
Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/test/example.asp, line 100
The Include file '../_fpclass/fpdblib.inc' cannot contain '..' to indicate the parent directory.

Working with User Access Control

You need to make sure that you follow the steps in this document by using an account that has full administrative permissions. This is best accomplished by using one of two methods:
  • Log in to your computer by using the local administrator account.
  • If you are logged in using an account that has administrative permissions but that is not the local administrator account, open all applications and all command prompt sessions by using the "Run as Administrator" option.
These above conditions are required because the User Account Control (UAC) security component in Windows Vista and Windows Server 2008 will prevent administrative access to IIS 7.0’s configuration settings.

Resolving Parent Paths Issues

Using Virtual Paths

As an alternative to using parent paths in your ASP code, you can use virtual paths. Virtual paths require that you enter the full folder path from the URL root of your Web site. For example:
Mapping paths:
<%
   Response.Write Server.MapPath("/test/example.asp")
%>
Including paths:
<!--#include virtual="/_fpclass/fpdblib.inc"-->

Enabling ASP Parent Paths

You can enable or disable parent paths by using IIS Manager. To do so, open IIS Manager and navigate to the site or application where you want to configure parent paths, and then-double click the ASP feature.

In the list of ASP features, configure the Enable Parent Paths option.

You can also configure this setting by using the command-line tool AppCmd.exe with the following syntax:
appcmd.exe set config "Default Web Site" -section:system.webServer/asp /enableParentPaths:"False" /commit:apphost


Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • How to schedule a PHP script in task scheduler
    Quiet often there is a need to execute/run  php  script on some time interval at server side. And that php scripts should run automatically ...
  • HTTP Error 403.19 – Forbidden The configured user for this application pool does not have sufficient privileges to run CGI applications.
    If you get the error “HTTP Error 403.19 – Forbidden The configured user for this application pool does not have sufficient privileges to...
  • Roles and Features showing an error HRESULT: 0x800F0818 in Server Manager of windows server 2008 R2
    When you open Server Manager both Roles and Features display Error and you are unable to add any role or features. When you select the det...
  • Error - "Failed to retrieve data for this request (Microsoft.SqlServer.Management.sdk.sfc)"
    ErrError    - In Microsoft SQL Management Studio 2008, you receive the following error message when you try to expand the Databases:      ...
  • How to configure IIS 7 to redirect non-www domain to www domain?
    One of few legacy leftovers that was never dropped over the years is the common use of www domain prefix. It is not a problem per se for us...
  • Back up all MS SQL databases at once
    This article will discuss how to backup all MS SQL databases with one script. A separate file will be created for each database. Log into ...
  • The media family on device is incorrectly formed. SQL Server cannot process this media family Error: 3241
    When you try to restore a backup of the database you get the following error: The media family on device ” is incorrectly formed. SQL Server...
  • How to check Malware injection in Code
    To check Malware injection in your script/Code you can use a Web based Google Tool called “Webmasters Tools” You can find it here Google We...
  • An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
    If you are facing the following error while accessing the website: Error Summary HTTP Error 500.24 - Internal Server Error An ASP.NET settin...
  • Stopping Unneeded Services In Windows Server 2008
    By  default Windows 2008 starts with a number of services that actually do not need to be running. Many of these services can impact perfo...

Categories

  • booting Process
  • linux
  • redhat

Blog Archive

  • ►  2013 (68)
    • ►  July (1)
    • ►  May (2)
    • ►  April (11)
    • ►  March (54)
  • ▼  2012 (44)
    • ►  September (20)
    • ►  August (1)
    • ►  July (4)
    • ▼  June (12)
      • Enable Canonical URL in IIS7 for SEO
      • How to disable web.config Inheritance for Child Ap...
      • New in IIS 7 - App Pool Isolation
      • Application Pool Identities
      • Ensure Security Isolation for Web Sites
      • Getting Started with AppCmd.exe
      • Introduction to ApplicationHost.config
      • How to Capture ASP.NET Page Trace Events in IIS 7....
      • Installing and Configuring Web Deploy
      • Classic ASP parent paths are disabled by default
      • Classic ASP Script Error Messages No Longer Shown ...
      • Classic ASP Not Installed by Default on IIS 7.0 an...
    • ►  May (2)
    • ►  March (4)
    • ►  February (1)
  • ►  2011 (1)
    • ►  February (1)
  • ►  2009 (9)
    • ►  September (3)
    • ►  August (2)
    • ►  June (1)
    • ►  May (2)
    • ►  March (1)
Powered by Blogger.

About Me

Unknown
View my complete profile