Error 404 on /bin browsing

Question

I run IIS 7.5 on Windows Server 2008 R2.
I'm getting a 404: file not found error when I browse the "/bin" folder. I understand that this is a security policy by Microsoft.

I tried doing what is written in here but it didn't solve the issue. Any ideas?

EDIT:
Should be noted that I have no security issues. I run the IIS for direcotry browsing in a private network. Eventually I need to perform crawling and indexing on it. The problem is that pages under "/bin" and '/AppConfig" are not being crawled because of the 404 error.

I just need a solution for this issue. Again, no security issues are relevant here.

IIS 6 on Windows 2008 R2 is not possible. W2008 R2 is shipped with IIS 7.5. In all cases, browsing to bin is unsafe. Why would you do that ? — Steve B, Jul 04 '12 at 07:39
Make an aspx page that read and show this bin with secure and only on logged in users... — Aristos, Jul 04 '12 at 07:41
@user1251654: so the link you provided is no more valid as it points to W2K3 kb — Steve B, Jul 04 '12 at 07:42
Aristos, I didnt understand your solution. can't I change some configuration to allow directory browsing to this folders? — user1251654, Jul 04 '12 at 07:42
Steve, Yes I know. I didnt find any other solution for iis 7.5 so I tried what is written in the link. — user1251654, Jul 04 '12 at 07:43
See an example for what I mean: http://www.codeproject.com/Articles/301328/ASP-NETUser-Control-File-Browser — Aristos, Jul 04 '12 at 07:46
Bin is better to stay as it is to avoid get any virus or intruder. — Aristos, Jul 04 '12 at 07:47
@user1251654: please explain your requirement. We may find a solution to allow browsing BIN, but it's not a good practice. There is maybe other way to reach your goal. — Steve B, Jul 04 '12 at 07:51
Ok, I edited my quesion with clarification - no security issuses. I only need a solution that will alove browsing on all the blocked directories. — user1251654, Jul 04 '12 at 07:56
@user1251654: this is not a requirement. What you are asking here is how to solve a technical problem, not what is your real goal (the business requirement probably). What I'm asking is you describe your goal. Why would you have to browse the bin directory? — Steve B, Jul 04 '12 at 08:43
As I said - I crawl and index the filesystem. I need to do this via http and not via filesystem protocol becuase of other reasons. consider it as a base assumption. assume the only access I have to a filesystem which I need to crawl and index is via this directory browsing . /bin is one of the folders in the filesystem and thus I need to access it and index it. — user1251654, Jul 04 '12 at 08:47

Emanuele Greco · Accepted Answer · 2012-07-16T15:55:20.080

Bin folder is not intended as a place where a developer should put web pages.

In IIS 7.5 you can configure

Open Internet Information Services (IIS) Manager
In the Connections pane, go to the connection, site, application, or directory for which you want to modify your request filtering settings.
In the Home pane, double-click Request Filtering.
In the Request Filtering pane, click the Hidden Segments tab
Select the relative path that you want to show (BIN folder), and then click Remove in the Actions pane.

The same can be done via web.config

<configuration>
  <system.webServer>
   <security>
     <requestFiltering>
        <hiddenSegments applyToWebDAV="false">
           <remove segment="Bin" />
        </hiddenSegments>
     </requestFiltering>
   </security>
  </system.webServer>
</configuration>

Anyway, in orded to avoid problems on development server and on any deploy server, i think that the easiest solution is to move that pages to another folder.

Read here:

ASP.NET recognizes certain folder names that you can use   
for specific types of content.  
The following table lists the reserved folder names and the type   
of files that the folders typically contain.

Note
The content of application folders, except for the App_Themes folder,
is not served in response to Web requests,
but it can be accessed from application code.

App_Browsers Contains browser definitions (.browser files) that ASP.NET uses to identify individual browsers and determine their capabilities.
App_Code Contains source code for shared classes and business objects
App_Data Contains application data files including .mdf database files, XML files, and other data store files.
App_GlobalResources Contains resources (.resx and .resources files) that are compiled into assemblies with global scope.
App_LocalResources Contains resources (.resx and .resources files) that are associated with a specific page, user control, or master page in an application
App_Themes Contains a collection of files (.skin and .css files, as well as image files and generic resources) that define the appearance of ASP.NET Web pages and controls.
App_WebReferences Contains reference contract files (.wsdl files), schemas (.xsd files), and discovery document files (.disco and .discomap files) that let you create a Web reference for use in an application.
Bin Contains compiled assemblies (.dll files) for controls, components, or other code that you want to reference in your application.

We are hosting WordPress sites on IIS and plugins and themes like to use a bin folder for images and other assets, which broke styling and logo. We removed bin from the list of folders for that specific site and it worked great. Windows 2012, IIS 8. — ahwm, Nov 16 '17 at 16:22
@ahwm yes, you can do it an it works.. but Bin folder isn't intended for this purpouse. That's why this folder is protected by default. Now some private content can be served to users. — Emanuele Greco, Nov 17 '17 at 09:22
Yes, I am fully aware of that. That's why I enabled the bin folder *for that website **only***. A lot of PHP-based applications tend to make use of the bin folder in this fashion, even though they're not really supposed to (on *nix servers it doesn't matter). — ahwm, Nov 17 '17 at 19:06
Also, I should point out that the web application in IIS is only hosting a WordPress site. There's no ASP.NET application or anything and no bin folder in the website root. It's nested in like `site.com/wp-content/themes/theme/bin/` and in this instance this solution should be perfectly acceptable. — ahwm, Nov 17 '17 at 19:08

score 0 · Answer 2 · answered Jul 04 '12 at 08:09

0

Access \bin folder over network share, e.g. \\myserver\mysite\bin
Write ashx handler or asmx web service which will scan \bin folder for you and return the result for you, e.g. Directory.GetFiles(Server.MapPath("~\bin"))

answered Jul 04 '12 at 08:09

abatishchev

98,240
88
296
433

Are you sure there is no way to disable this security configuration in IIS? – user1251654 Jul 04 '12 at 08:37
@user1251654: I don't know such way, google gave nothing too, and honestly I doubt that this ways even exist. – abatishchev Jul 04 '12 at 08:59

Error 404 on /bin browsing

2 Answers2