Forgot your password?

Home > About Us > Modern Signal Blog >Disabling Script Execution in a Directory in IIS7

Disabling Script Execution in a Directory in IIS7

Last night I was trying to disable script execution in the uploads folder of a site running in IIS (Windows 2008).  It is also running ColdFusion, which turned out to be important.  I ran into a couple problems.

The first was that I had no idea how to do that in IIS7.  I knew how to do it in IIS6, but everything is different in IIS7.  I thought I would be able to just find it, but after poking around for a while, I gave up and ran to Google.  Turns out the new location to set this is in Handler Mappings.  If you go to the Handler Mappings feature for a directory and click on "Edit Feature Permissions...", you can uncheck the "Script" permission.

So I did that, and I thought I was done, but then I noticed that not only could I not run scripts from the directory, but trying to access a static file, such as a gif, also gave me a "403 Access Denied" message.  Strange.

It turns out that ColdFusion installs a wildcard script map, which means that it is set up to handle all files, even static ones.  I don't know what the reason for this is (and I would love to find out if anybody knows), but it was getting in the way of the default static file handler.  I had to remove that handler for the directory in order for the static files to be served properly.

Comments

David Hammond's Globally Recognized Avatar One update. I just had to do this again, and I noticed that this time the second step (removing the CF mapping) was not necessary. Disabling scripts for the directory automatically disabled all of the script-related mappings. Not sure if IIS has been patched since I tried this last, or if there was something else different in the circumstances, but there you are.

Posted on February 2, 2010 11:15:05 AM EST by David Hammond

Doug's Globally Recognized Avatar Thank you for the information!! I appreciate it.
It's exactly the same situation for me... IIS & CF.
It essentially makes it a dead directory to execute anything, including displaying images directly in that directory, but accessing from other directories is perfect.

Posted on February 22, 2010 7:58:15 PM EST by Doug

vdub's Globally Recognized Avatar I have the same proble and am looking at the handler mappings. Is the CF the one that says STATICFILES with *? Can I just disable that one?

Posted on March 15, 2010 10:20:46 AM EDT by vdub

David Hammond's Globally Recognized Avatar I should have been more specific. The mapping that ColdFusion uses is actually named something like "AboMapperCustom-71305919" with a path of "*". That needs to be removed.

Posted on March 15, 2010 10:47:13 AM EDT by David Hammond

Asha's Globally Recognized Avatar HI,

I just tried disabling script permissions for a directory IIS7 but my wildcard handler mapping doesnt get disbaled for some reason.Can you please let me know if you know of any such behaviour.

Thanks,
Asha.

Posted on May 19, 2010 8:32:46 AM EDT by Asha

Leave this field empty

Testimonials

  • Modern Signal worked with us to understand our needs and figure out what solution would work best for us. Our Lighthouse CMS is perfectly suited to our website goals. When we later needed to modify the CMS, they again took the time to understand exactly what was  needed and then built that functionality rather than delivering a cookie cutter solution.   

    - Ecosystem Investment Partners

  • We wouldn’t have gotten where we are today without your support over the years.  Modern Signal has always been a great partner to us.

    - Kirk Gillis, Managing Director at Zoom Tanzania

  • I felt as if my company was their only client. They responded to my needs quickly and efficiently despite short turn around time and intense demands.

    - Teaching Strategies, Inc.

  • Modern Signal has a professional staff that was very responsive to our needs during all phases - scoping, developing, implementing and maintaining - of our project.  We have been pleased with their ability to deliver quality work on time and on budget. If given the opportunity, I would work with them again.

    - The National Center for Safe Routes to School

  • Modern Signal understands our business - from future needs to current limitations - so their solutions are always scalable, solid, and service-oriented.

    - National Association of Home Builders

  • I love working with Modern Signal! Their CMS is very easy to use and they are incredibly responsive to questions or challenges I bring them.

    - NALP

  • Modern Signal significantly enhanced our site to be more efficient and user-friendly. They provide excellent customer service with timely and cost-effective solutions.

    - Center for Medicare Education

  • Modern Signal has been a great partner for us for over the past 10 years.  As our business grew and our needs changed, Modern Signal was able to work with us to adjust our website platform in the ever-changing online world.  Their service and response level has been second to none, and we've been never been happier with our relationship with them.

    - Charm City Run

  • This was by far the smoothest website redevelopment I have ever experienced. Modern Signal was a wonderful company to work with and we greatly value our working relationship. 

    - National Association of Student Financial Aid Administrators