Issue: IIS blocks access to \bin folders and specific extension types

Version 4

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 2016.x

    This is due to an IIS security configuration which blocks access to \bin folders  and specific extensions. This can cause problems when adding additional files to distribution packages because the spicific filetypes/folders are blocked by IIS.

     

    This example shows how to allow to \bin folders  and .java extensions.

     

    There are two options to address  this problem, you must make some IIS configuration changes manually to the  web.config file that should be located in the package share and the  applicationHost.config file located in  \Windows\System32\inetsrv\config.

     

    Add the following changes in red to the web.config:

     

    <?xml version="1.0"  encoding="UTF-8"?>

    <configuration>

         <system.webServer>

            <defaultDocument  enabled="false" />

            <directoryBrowse  enabled="true" />

            <security>

               <requestFiltering>

                    <hiddenSegments>

                    <remove  segment="bin" />

                     </hiddenSegments>

                </requestFiltering>

            </security>

                     </system.webServer>

    </configuration>

     

    Performing this change in the web.config file allows you to only affect this HTTP share.

    Make the following change to the  applicationHost.config file to allow the .java extension to be used when parsing the file system to add the additional file:

    Location of ApplicationHost.config file: C:\Windows\System32\inetsrv\config

    1. Open the file in notepad.
    2. Search for “<requestFiltering>”
    3. Below the “<fileExtensions allowUnlisted="true" applyToWebDAV="true">” section  find “<add fileExtension=".java"  allowed="false"  />”.
    4. Change false to “true
    5. Save your changes
    6. Perform an IISreset  (From the command prompt type "IISRESET" and press enter).  This will stop and restart the IIS services and load the new configuration.

     

     

    Option  2:

     

    Using the IIS Manager  GUI:

    1. Select your http share under the Default Web Site and make sure the feature view is selected.
    2. Under the IIS section, double click on “Request Filtering”.
    3. You should now see various different rules, select the tab called “Hidden  Segments”.
    4. In the list that’s now displayed select “bin” and click on “remove” under the Actions column on the right.
    5. Now  click on the “File Name Extensions” tab and select “.java”. (it should display “false” in the Allowed column)
    6. Right click on .java and select remove.
    7. Under the Action column on the right, click Allow File Name  Extension…
    8. In  the dialog box that appears type “java” without the period and click  OK.
    9. Perform  an IISreset.    (From the command prompt type "IISRESET" and press enter).  This will stop and restart the IIS services and load the new configuration.