locked
403 - Forbidden: Access is denied using IIS 7 from a web browser RRS feed

  • Question

  • User-115794427 posted

    Hi All,


    I am using a win 2008 server with IIS 7 to host a php web site for the first time.  

    The server is part of a domain but not a DC only a Web Server.  I am using port 81 as a test port which is reflected in the website config.

    I can telnet the external dns with the port number.  seems OK

    I have added the various web extentions and I can browse the website from IIS from the server but cannot access the site through a PC browser on the same network using the dns resolution or an ip address with the port 81 as a suffix.

    I have tried creating a new Anonymous user and tested the access :

    The specified user credentials are authorized to access the specified physical path.

    *******

    From the browser I obtain the message :

    403 - Forbidden: Access is denied

    I have summarised the log. %SystemDrive%\inetpub\logs\FailedReqLogFiles

    Url http://www.xxxxx.com:81
    App Pool ReportServer$MS$DPM2007$
    Authentication anonymous
    User from token LO-BACKUP\IUSER_LO-DC2
    Activity ID {00000000-0000-0000-0C00-0080000000F8}

    68. view trace Warning -MODULE_SET_RESPONSE_ERROR_STATUS 
    ModuleName IIS Web Core
    Notification 16
    HttpStatus 403
    HttpReason Forbidden
    HttpSubStatus 2
    ErrorCode 2147942405
    ConfigExceptionInfo
    Notification MAP_REQUEST_HANDLER
    ErrorCode Access is denied. (0x80070005)
    IIS Web Core
    69. view trace Warning -SECURITY_DENIED_BY_ACCESS_FLAGS 
    CurrentFlags 30215
    NeededFlags 1

    Any help would be greatly appresiated as I am tearing my hair out.

     Thank you in advance

    Thursday, December 4, 2008 5:53 PM

Answers

  • User511787461 posted

    You must have set it in applicationhost.config

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, December 10, 2008 5:54 PM

All replies

  • User511787461 posted

    This is because you have set the NoRemoteRead flag in the system.webServer/handlers/accessPolicy flag - you also seem to have the NoRemoteExecute and NoRemoteScript flags set.

    Thursday, December 4, 2008 6:46 PM
  • User-115794427 posted

    Hi Anilr,

    Thanks for the response, it is much appreciated<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>

    Where do I configure the NoRemoteRead flag, NoRemoteExecute and NoRemoteScript flags set in the config file?

    Once again Thanks

     

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <directoryBrowse enabled="true" showFlags="Date, Time, Size, Extension, LongDate" />
      

            <security>
                <authorization>
                    <remove users="*" roles="" verbs="" />
                    <add accessType="Allow" users="?" />
                </authorization>
            </security>
            <defaultDocument enabled="false">
                <files>
                    <remove value="default.aspx" />
                    <remove value="iisstart.htm" />
                    <remove value="index.htm" />
                    <remove value="Default.asp" />
                    <remove value="Default.htm" />
                </files>
            </defaultDocument>
            <tracing>
                <traceFailedRequests>
                    <add path="*">
                        <traceAreas>
                            <add provider="ASP" verbosity="Verbose" />
                            <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
                            <add provider="ISAPI Extension" verbosity="Verbose" />
                            <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module" verbosity="Verbose" />
                        </traceAreas>
                        <failureDefinitions statusCodes="403" />
                    </add>
                </traceFailedRequests>
            </tracing>
        </system.webServer>
        <system.web>
            <identity impersonate="true" />
            <authentication mode="windows" />
            <trust level="High" />
        </system.web>
        <connectionStrings>
            <remove name="LocalSqlServer" />
        </connectionStrings>
    </configuration><?xml version="1.0" encoding="UTF-8"?><CONFIGURATION><SYSTEM.WEBSERVER><DIRECTORYBROWSE showFlags="Date, Time, Size, Extension, LongDate" enabled="true"><SECURITY><AUTHORIZATION><REMOVE verbs="" roles="" users="*"><ADD users="?" accessType="Allow"></ADD></AUTHORIZATION></SECURITY><DEFAULTDOCUMENT enabled="false"><FILES><REMOVE value="default.aspx"><REMOVE value="iisstart.htm"><REMOVE value="index.htm"><REMOVE value="Default.asp"><REMOVE value="Default.htm"></FILES></DEFAULTDOCUMENT><TRACING><TRACEFAILEDREQUESTS><ADD path="*"><TRACEAREAS><ADD verbosity="Verbose" provider="ASP"></ADD><ADD verbosity="Verbose" provider="ASPNET" areas="Infrastructure,Module,Page,AppServices"></ADD><ADD verbosity="Verbose" provider="ISAPI Extension"></ADD><ADD verbosity="Verbose" provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module"></ADD></TRACEAREAS><FAILUREDEFINITIONS statusCodes="403"></ADD></TRACEFAILEDREQUESTS></TRACING></SYSTEM.WEBSERVER><SYSTEM.WEB><IDENTITY impersonate="true"></IDENTITY><AUTHENTICATION mode="windows"></AUTHENTICATION><TRUST level="High"></SYSTEM.WEB><CONNECTIONSTRINGS><REMOVE name="LocalSqlServer"></CONNECTIONSTRINGS></CONFIGURATION>

    Friday, December 5, 2008 3:41 AM
  • User511787461 posted

    You must have set it in applicationhost.config

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, December 10, 2008 5:54 PM
  • User1373171899 posted

    You must have set it in applicationhost.config

    Thanks man. Saved me a lot of time.

    Wednesday, September 28, 2011 9:00 AM
  • User-1930353673 posted

    Can you please send a sample code for adding handler tags to applicationhost.config file. Thanks in advance.

     

    Wednesday, January 25, 2012 3:02 PM