如何禁用或删除IIS以DirectoryListingModule prevent HTTP 405错误 [英] How to disable or remove DirectoryListingModule in IIS to prevent HTTP 405 error

问题描述

我写了一个自定义HTTP处理一个ASP.Net Web应用程序。然而，导入应用到IIS 7.5后，调用应用程序时，IIS会返回这样的：

  HTTP / 1.1 405不允许的方法
 

当我启用失败请求跟踪规则功能来捕获HTTP 405错误，我看到这一点：

我的处理程序不会被调用。所以我想删除的DirectoryListingModule。但是，类似@Brendan山这里，什么我已经试过似乎禁止模块。即使注释掉所有在C提及此模块的线路：\\ WINDOWS \\ SYSTEM32 \\ INETSRV \\ CONFIG \\的applicationHost.config不起作用：

 ＆LT;！ - 添加名称=DirectoryListingModule形象=％WINDIR％\\ SYSTEM32 \\ INETSRV \\ dirlist.dll/  - ＆GT;
＆LT;！ - 添加名称=DirectoryListingModulelockItem =真/  - ＆GT;
＆LT;！ - 添加名称=StaticFile路径=*动词=*的模块=StaticFileModule，DefaultDocumentModule，DirectoryListingModule= resourceType为不是requireAccess =读取/  - ＆GT;
 

就像@Brendan山我会preFER在我的应用程序的Web.config的解决方案，所以我没有与IIS的设置拨弄。从我目前的Web.config文件摘录：

 ＆LT; system.webServer＆GT;
    ＆LT;模块runAllManagedModulesForAllRequests =真/＆GT;
    ＆LT;＆处理GT;
      ＆LT;清除NAME =WebDAV的/＆GT;
      ＆LT;清除NAME =ExtensionlessUrlHandler  - 集成 -  4.0/＆GT;
      ＆LT;添加名称=AuthServiceHandler
           路径=*。
           动词=*
           键入=AuthServiceHTTPHandler.App_ code.AuthServiceHandler
           preCondition =integratedMode，runtimeVersionv4.0/＆GT;
    ＆LT; /处理器＆GT;
  ＆LT; /system.webServer>
 

如果我输入我的应用程序到IIS中的默认Web站点并将其绑定到9000，我可以调用与POST请求 HTTP应用程序：//本地主机：9000 。该URL的罚款;我并不想要求任何网页。

解决方案

在结束我的工作解决该问题通过创建一个虚拟的网页和处理程序绑定到的POST动词我感兴趣的是：

 ＆LT; system.webServer＆GT;
    ＆LT;模块runAllManagedModulesForAllRequests =真/＆GT;
    ＆LT;＆处理GT;
      ＆LT;清除NAME =WebDAV的/＆GT;
      ＆LT;清除NAME =ExtensionlessUrlHandler  - 集成 -  4.0/＆GT;
      ＆LT;添加名称=AuthServiceHandler
           PATH =dummy.html
           动词=POST
           键入=AuthServiceHTTPHandler.App_ code.AuthServiceHandler
           preCondition =integratedMode，runtimeVersionv4.0/＆GT;
    ＆LT; /处理器＆GT;
  ＆LT; /system.webServer>
 

然后，处理程序将被触发调用的http：//本地主机：9000 /认证/ dummy.html ，当IIS中的默认网站下部署在验证了我的应用程序的名称。 （我没有AP preciated我所需要的背景下，以及当我贴出上面的问题。）所以DirectoryListingModule有效地绕过。

相当方便，通过处理程序绑定到POST谓词只有你可以使用相同的虚​​拟的网页，为用户提供有用的信息，如果他们浏览到它在Web浏览器（因为浏览器发送赢得一个GET请求 ŧ由处理程序拦截）。<​​/ p>

没有需要IIS设置进行更改。这个工作我在Windows 7上使用IIS 7.5。

I've written an ASP.Net web app with a custom HTTP handler. However, after importing the app into IIS 7.5, IIS returns this when the app is invoked:

HTTP/1.1 405 Method Not Allowed

When I enable the Failed Request Tracing Rules feature to trap HTTP 405 errors I see this:

My handler does not get invoked. So I'd like to remove the DirectoryListingModule. But, similar to @Brendan Hill here, nothing I've tried seems to disable the module. Even commenting out all the lines that mention this module in C:\Windows\System32\inetsrv\Config\applicationHost.config doesn't work:

<!--add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" /-->
<!--add name="DirectoryListingModule" lockItem="true" /-->
<!--add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" /-->

Like @Brendan Hill I would prefer a solution in my app's Web.config so I don't have to fiddle with IIS's settings. Excerpt from my current Web.config:

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <handlers>
      <remove name="WebDAV" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="AuthServiceHandler"
           path="*."
           verb="*"
           type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
           preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>

If I import my app into the Default Web Site in IIS and bind it to 9000 I can invoke the app with a POST request to http://localhost:9000 . This URL is fine; I'm not trying to request any web pages.

解决方案

In the end I worked around the problem by creating a dummy web page and binding the handler to that for the POST verb I was interested in:

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <handlers>
      <remove name="WebDAV" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="AuthServiceHandler"
           path="dummy.html"
           verb="POST"
           type="AuthServiceHTTPHandler.App_Code.AuthServiceHandler"
           preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>

The handler would then be triggered for calls to http://localhost:9000/Auth/dummy.html, where Auth was the name of my app when deployed under the Default Web Site in IIS. (I hadn't appreciated I needed the context as well when I posted the question above.) So the DirectoryListingModule was effectively bypassed.

Handily, by binding the handler to the POST verb only you can use the same 'dummy' web page to provide useful info for users if they browse to it in a web browser (because the browser sends a GET request which won't be intercepted by the handler).

No IIS settings needed to be changed. This worked for me using IIS 7.5 on Windows 7.

这篇关于如何禁用或删除IIS以DirectoryListingModule prevent HTTP 405错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！