Reputation: 2897
How to disable or remove DirectoryListingModule in IIS to prevent HTTP 405 error
I've written an ASP.Net web app with a custom HTTP handler. However, after importing the app into IIS 7.5, IIS returns this when the app is invoked:
HTTP/1.1 405 Method Not Allowed
When I enable the Failed Request Tracing Rules feature to trap HTTP 405 errors I see this:
My handler does not get invoked. So I'd like to remove the DirectoryListingModule. But, similar to @Brendan Hill here, nothing I've tried seems to disable the module. Even commenting out all the lines that mention this module in C:\Windows\System32\inetsrv\Config\applicationHost.config doesn't work:
<!--add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" /-->
<!--add name="DirectoryListingModule" lockItem="true" /-->
<!--add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" /-->
Like @Brendan Hill I would prefer a solution in my app's Web.config so I don't have to fiddle with IIS's settings. Excerpt from my current Web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="AuthServiceHandler"
path="*."
verb="*"
type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
If I import my app into the Default Web Site in IIS and bind it to 9000 I can invoke the app with a POST request to http://localhost:9000 . This URL is fine; I'm not trying to request any web pages.
Upvotes: 3
Views: 4388
Answers (1)
Reputation: 2897
In the end I worked around the problem by creating a dummy web page and binding the handler to that for the POST verb I was interested in:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="AuthServiceHandler"
path="dummy.html"
verb="POST"
type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
The handler would then be triggered for calls to http://localhost:9000/Auth/dummy.html, where Auth was the name of my app when deployed under the Default Web Site in IIS. (I hadn't appreciated I needed the context as well when I posted the question above.) So the DirectoryListingModule was effectively bypassed.
Handily, by binding the handler to the POST verb only you can use the same 'dummy' web page to provide useful info for users if they browse to it in a web browser (because the browser sends a GET request which won't be intercepted by the handler).
No IIS settings needed to be changed. This worked for me using IIS 7.5 on Windows 7.
Upvotes: 1
Related Questions
- Asp.NET Web API - 405 - HTTP verb used to access this page is not allowed - how to set handler mappings
- HTTP Error 405.0 - Method Not Allowed in IIS Express
- ASP.NET MVC on IIS 7.5 - Error 403.14 Forbidden
- IIS 7.5 405 Method Not Allowed for PUT from StaticFileModule
- HTTP Error 405.0 - Method Not Allowed
- Redirect to an .aspx page from a MVC 4 Controller
- Script error with sitecore 6.5 + .NET 4.5 on IIS7.5
- When I browse http://localhost:8004/elmah.axd, it generates 404 error