Traverse Driectory Restriction (ASP 0175 80004005 Disallowed Path Characters )

IIS Log file: "ASP_0175_:_80004005|Disallowed_Path_Characters"

Am migrating website from Windows 2000 to Windows 2003.

I'm no developer, and it's taken me a while to figure out why the new
website doesn't function correctly - internal 500 error.
The website runs ASP and interacts with a little Access MDB via Jet. This
function fails under Windows 2003.

Turns out, all the ASP files use the referrer "../db/access.mdb". IIS under
2003 has restricted this "../" as it was exploited by worms as the Directory
Traversal exploit (which I was actually hit by back in 2001!)

I don't want to have to go through every ASP file and find evey reference to
"../" and replace them with full folder paths.

Can I, instead, simply lift this "folder reversal" restriction on the IIS
server (whether recommended or not).

As is usually the case with situations like this, I am desparate to have
this server up and running - at any cost.

Thanks for any suggestions.

Kristofer
Fri Jan 06 06:33:56 CST 2006

Hello,

This KB Article explains your situation and how to solve it:

"Enable Parent Paths Is Disabled by Default in IIS 6.0"
http://support.microsoft.com/default.aspx?scid=kb;en-us;332117



--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


Stephen Henihan wrote:

>IIS Log file: "ASP_0175_:_80004005|Disallowed_Path_Characters"
>
>Am migrating website from Windows 2000 to Windows 2003.
>
>I'm no developer, and it's taken me a while to figure out why the new
>website doesn't function correctly - internal 500 error.
>The website runs ASP and interacts with a little Access MDB via Jet. This
>function fails under Windows 2003.
>
>Turns out, all the ASP files use the referrer "../db/access.mdb". IIS
>under 2003 has restricted this "../" as it was exploited by worms as the
>Directory Traversal exploit (which I was actually hit by back in 2001!)
>
>I don't want to have to go through every ASP file and find evey reference
>to "../" and replace them with full folder paths.
>
>Can I, instead, simply lift this "folder reversal" restriction on the IIS
>server (whether recommended or not).
>
>As is usually the case with situations like this, I am desparate to have
>this server up and running - at any cost.
>
>Thanks for any suggestions.

Stephen
Fri Jan 06 07:55:33 CST 2006

Spot on! That worked.

Much obliged, Kristofer.

"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
news:xn0egwuuy65sow000@news.microsoft.com...
> Hello,
>
> This KB Article explains your situation and how to solve it:
>
> "Enable Parent Paths Is Disabled by Default in IIS 6.0"
> http://support.microsoft.com/default.aspx?scid=kb;en-us;332117
>
>
>
> --
> Regards,
> Kristofer Gafvert
> http://www.gafvert.info/iis/ - IIS Related Info
>
>
> Stephen Henihan wrote:
>
>>IIS Log file: "ASP_0175_:_80004005|Disallowed_Path_Characters"
>>
>>Am migrating website from Windows 2000 to Windows 2003.
>>
>>I'm no developer, and it's taken me a while to figure out why the new
>>website doesn't function correctly - internal 500 error.
>>The website runs ASP and interacts with a little Access MDB via Jet. This
>>function fails under Windows 2003.
>>
>>Turns out, all the ASP files use the referrer "../db/access.mdb". IIS
>>under 2003 has restricted this "../" as it was exploited by worms as the
>>Directory Traversal exploit (which I was actually hit by back in 2001!)
>>
>>I don't want to have to go through every ASP file and find evey reference
>>to "../" and replace them with full folder paths.
>>
>>Can I, instead, simply lift this "folder reversal" restriction on the IIS
>>server (whether recommended or not).
>>
>>As is usually the case with situations like this, I am desparate to have
>>this server up and running - at any cost.
>>
>>Thanks for any suggestions.