IIS does not GET hidden files

iis

I am using IIS v10.0.17763.1 on a Windows Server 2019. A few months back I was able to GET files which have the Hide-attribute. This does not work any longer and returns with a 404.9 Requesting a PROPFIND on that file works like a charm.

The test file itself is a simple test.txt with the content Hello world.

The log file does not contain anything helpful: 2021-01-22 10:00:07 10.0.20.4 GET /foobar/Configurator/test.txt - 80 foobar\administrator 10.0.20.4 PostmanRuntime/7.15.2 - 404 9 2 1

The assumption would be that some kind of Windows update broke this behavior, as there were no changes to the IIS's configuration and can be reproduced on other (updated) systems where no changes were done in the IIS.

PS C:\Users\Administrator.QA> Get-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Filter "system.webServer/webdav/authoring/fileSystem" -Location "Default Web Site" -Name "allowHiddenFiles"
ItemXPath                   : /system.webServer/webdav/authoring/fileSystem
IsInheritedFromDefaultValue : False
IsProtected                 : False
Name                        : allowHiddenFiles
TypeName                    : System.Boolean
Schema                      : Microsoft.IIs.PowerShell.Framework.ConfigurationAttributeSchema
Value                       : True
IsExtended                  : False

PS C:\Users\Administrator.QA> Get-WebConfigurationProperty -PSPath "IIS:\sites\Default Web Site/foobar" -Filter /system.webServer/security/requestFiltering/fileExtensions -Name applyToWebDAV
ItemXPath                   : /system.webServer/security/requestFiltering/fileExtensions
IsInheritedFromDefaultValue : False
IsProtected                 : False
Name                        : applyToWebDAV
TypeName                    : System.Boolean
Schema                      : Microsoft.IIs.PowerShell.Framework.ConfigurationAttributeSchema
Value                       : False
IsExtended                  : False

PS C:\Users\Administrator.QA> Get-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Location "Default Web Site/foobar" -Filter /system.webServer/security/requestFiltering/hiddenSegments -Name applyToWebDAV
ItemXPath                   : /system.webServer/security/requestFiltering/hiddenSegments
IsInheritedFromDefaultValue : False
IsProtected                 : False
Name                        : applyToWebDAV
TypeName                    : System.Boolean
Schema                      : Microsoft.IIs.PowerShell.Framework.ConfigurationAttributeSchema
Value                       : False
IsExtended                  : False

Any suggestions which option might fix this? Or which Windows update may have broken it?

I've found this one: https://docs.microsoft.com/en-us/troubleshoot/iis/hidden-static-files-http-404-access-denied But I do not see how this may help.

UPDATE

After some consultation with the Microsoft support, I have two options:

Remove the hidden attribute or
Write my own static file handler

I got those hints on how to do the latter:

The current code of the static file handler can be found on https://referencesource.microsoft.com/#system.web/StaticFileHandler.cs The code which throws the exception is that one:

// To be consistent with IIS, we won't serve out hidden files
if ((((int)fileInfo.Attributes) & ((int)FileAttributes.Hidden)) != 0) {
  throw new HttpException(HttpStatus.NotFound, SR.GetString(SR.File_is_hidden));
}

An article on how to create a custom handler can be found on https://docs.microsoft.com/en-us/iis/develop/runtime-extensibility/developing-iis-modules-and-handlers-with-the-net-framework

Solution 1:

IIS doesn't serve static files with a hidden attribute, never did. There was no change in IIS or Windows.

Just remove the attribute on your files.

Any dynamic files with a hidden attribute are still served to the client, because they run through different file handlers.

IIS does not GET hidden files

Solution 1:

Related

Recent Posts