Re: Href to .exe gives a 404 file not found error

From: David Wang [MS] (someone@online.microsoft.com)
Date: 09/28/02

• Next message: David Wang [MS]: "Re: WHY? "HTTP/1.1 400 Bad Request" error login page -all browsers except IE/PC"
• Previous message: David Wang [MS]: "Re: Anonymous works 1 Day ??"
• In reply to: Ravi: "Re: Href to .exe gives a 404 file not found error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "David Wang [MS]" <someone@online.microsoft.com>
Date: Sat, 28 Sep 2002 02:15:56 -0700

Just a note here that you are allowing any EXE to execute (essentially
disabling portions of lockdown).

This actually works a lot better on IIS6, where you can define exactly the
EXE that can execute (and nothing else). In the case that the vdir allows
executable, only those allowed EXE/DLL will execute; all else are denied.
In the case that the vdir does not allow executable, you can use MIME Map
(Known Extension) to configure whether EXE files can be downloader or not.

i.e. IIS6 would allow you to configure what you want without the caveat I
just gave in my initial sentence.

--
//David
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Ravi" <ravipillai@hotmail.com> wrote in message
news:a4bb01c265a8$fe1eaed0$3aef2ecf@TKMSFTNGXA09...
Hi Jeff,
Thanks for the note. It was the problem indeed and I
resolved it right away.
Thanks
Ravi
>-----Original Message-----
>>In IIS on Windows 2000 Server, I get file not found
error
>>message when a link points to an exe. Previously, it
used
>>to download the executable to the client.
>>
>>The option 'Allow Authors to upload executables" is
>>checked on at the root level.
>>
>>Anonymous access is also granted to the executable file.
>>
>>The link is in a html file residing on the same folder
as
>>the executable and it just has the executable's file
name
>>in href (abosulte path is not useed and protocol is not
>>explicitly passed.) Access to the site is granted
through
>>port 8010 only.
>>
>>Any suggestion is greatly appreciated.
>
>Did you install URLScan or the IIS lockdown tool and
forget to allow
>the EXE extension in the INI file?
>
>Jeff
>.
>

---

• Next message: David Wang [MS]: "Re: WHY? "HTTP/1.1 400 Bad Request" error login page -all browsers except IE/PC"
• Previous message: David Wang [MS]: "Re: Anonymous works 1 Day ??"
• In reply to: Ravi: "Re: Href to .exe gives a 404 file not found error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: OT: EXE files in HTML? ... >>> I would like to be able to put an EXE file at my Web ... > I would hope that it would download temporarily and execute ... some of the photos. ... (alt.usage.english) Re: IIS 6.0 CGI ... EXE) from the /Scripts virtual directory. ... Configure /Scripts vdir pointing to C:\Scripts with Execute Permissions ... Enable the Web Service Extension ... IIS6 does not allow scripts to execute on the server ... (microsoft.public.inetserver.iis) Re: So I click on this link... ... An .exe file is a Windows file. ... It won't run on the Mac OS. ... Giving it the suffix .exe will not prevent it running ... of .exe on the net is not put there to execute on a mac. ... (uk.comp.sys.mac) Re: CGI cant spawn process under IIS6 ... You do not need to change the ACL on CMD.EXE to spawn new processes -- ... and this will launch that EXE without using CMD.EXE to execute ... that I've got to change the permissions on ... (microsoft.public.inetserver.iis.security) Re: Firewall ... Then you have missed the point, because it's not the exe that wants access ... of Trojans when I do the baseline and everything is fine at the point of the ... account for Duane.exe being on the machine trying to execute. ... Duane.exe doesn't even need IEexplorer.exe to make the phone home call. ... (comp.security.firewalls)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)