404.2 and , ISAPI restriction and Web Service Extension

3 בMarch 2011

tags: , , ,

404.2 and , ISAPI restriction and Web Service Extension


A common and very misleading http error is the status with code 404.2 .

It is misleading because it belongs to the 404 family which may indicate
that the resource was not found, however this error indicates that the
server has blocked our request by it’s lockdown policy.

The web server lockdown policy’s job is restrict the requests to a known
and valid pages / resources.  For example, this is very rare to find servers
that allows you to run executable programs remotely by HTTP requests. 

Another common scenario of request blocking is for known extension,
registered to an ISAPI executable which was not allowed by the server’s
configuration. The most common scenario I’ve encountered was that ASP.NET
ISAPI was not allowed. (occurs on machines installed initially without
.Net 4.0) One good examples for this scenario can be seen on Gil Fink’s post.

  One other common scenario  I’ve encountered was heaving to host Magic
application on IIS. Magic web application required a special ISAPI executable.
In order to do so, we have to add new extension and add the Magic’s ISAPI
DLL to it.

How can we configure these settings?

IIS 6: In here it is called Web Service Extensions, You can find it by clicking
it’s corresponding folder.  You can allow or prohibit each extension.

IIS 6 Web Service Extensions screem

In case of new extension, you need to press on the “Add new web service extension”
(circled above), and add the required file(s). You can also add / remove files and
and allow / prohibit each one of them.

Extension properrties - add files

IIS7: On that IIS, it called ISAPI & CGI restrictions. You can choose it by
clicking once on the server’s name, and then from feature view selecting
ISAPI & CGI restrictions (circled below) 


The  registration list looks a bit different from the extensions list on IIS6,
in here wee see every file on that list along with it’s description
By looking at the figure below you can see some description that repeat
themselves (like Web Service Extension in IIS6 that have more than one file).

ISAPI Restrictions list on IIS7



In this post we’ve seen the connection between IIS lockdown
(HTTP error  No. 404.2), Web Service Extension and ISAPI
. In fact, we’ve seen that installing the appropriate
ISAPI executable
is not enough, we have also to allow it.
We’ve seen how to allow it on both IIS6 and IIS7

kick it on DotNetKicks.com

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



  1. Internet solutions team8 בMarch 2011 ב 12:06

    This is excellent post. I was struggling with this same issue. I wanted to run an exe file which was running fine in our old box but we moved our website to new box and stopped working. This post helped us to reslove the issue.

  2. Ran Wahle8 בMarch 2011 ב 12:56

    Great, I’m glad I’d helped you.
    That’s exactly what this blog is about

  3. Erich19 בMarch 2011 ב 20:07

    This is a very well written piece. Concise, well explained and easy to follow. However, it doesn’t seem to solve my 404.2. I have recently upgraded to IIS7.5 and find in javascript (ajax) I get a 404.2 on sldprt, step and iges extensions. I have added them as allowed in filtering, and mime-types in IIS. Recycled the server yet still get the 404.2. Any ideas?

  4. Ran Wahle19 בMarch 2011 ב 23:35

    Hello Erich,

    Unfortunately I’m not familiar with these extensions.
    I’d appreciate if you could give me more details about it. Has it worked on IIS 7? How did you install them on your server etc.



  5. バーバリー ストール4 בDecember 2013 ב 20:06

    This actually answered my drawback, thanks!