3

We have a Classic ASP [filename.asp] site hosted on an IIS6 Server (Win 2003). I recently found that these files were being downloaded entirely using HTTrack. I was under the assumptions that such filed are only "Serverd" and not offered to be downloaded directly from an IIS server. I thought only plain HTML/CSS/js files could be downloaded.

How to ensure that classic ASP files are served and not downloaded directly.

Note: Directory browsing is OFF.

JamesT
  • 93
  • 1
  • 13
  • 1
    You mean the *source* of the ASP files is available? That should **not** happen on a correctly configured and patched server ... – Alex K. Nov 18 '15 at 11:25
  • Yes Alex,That's what I thought too, but seems its just serving the files right up WITH THE SOURCE into the site scanner HTTRACK. Any insights on how to correct this will be highly appreciated. Normally browsing the site seems to be rendering the pages correctly. Thank you. – JamesT Nov 18 '15 at 11:36
  • 1
    Are you running httrack locally? If so run it with Fiddler/WireShark active to capture the exact http request that causes the source to be returned, that may reveal something. – Alex K. Nov 18 '15 at 11:46
  • Not sure how this can happen unless you have not configured the ASP ISAPI filter correctly or you expose the site through some other means like FTP for example. – user692942 Nov 18 '15 at 11:46
  • Yes Alex, I am running HTTRACK locally and connecting to a remote IP. – JamesT Nov 18 '15 at 11:57
  • Hi Lankymart, Thanks for replying. Can you please suggest what could be possibly wrong in the ASP ISAPI config? I dont see any way to make any adjustment inside IIS Manager. Thanks. – JamesT Nov 18 '15 at 11:58
  • 4
    Are you positive that the files HTTRACK is generating contain the ASP source code or are they just representations of the HTML that is generated after the ASP Engine has executed the server-side code? Are there any signs of `<% %>` tags in the generated files? – user692942 Nov 18 '15 at 14:22
  • What do the IIS logs say about this? Do they show GET or POST or something else as the method? Are you running HTTRACK on the same machine that you're running IIS? – Mark Nov 22 '17 at 00:35

0 Answers0