ASP.NET 2.0: System.Web.HttpException: Path 'OPTIONS' is forbidden

G

Guest

I have overwritten Application_Error in my GlobalAsax to handle errors.
From time to time, I am getting exceptions I have never seen before (see
below).

What do this exceptions mean? Why are they generated?
Any help would be greatly appreciated.

Dieter



------------------------------------------------------------
System.Web.HttpException: Path 'OPTIONS' is forbidden.
at System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext
context)
at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)
------------------------------------------------------------

Instead of 'OPTIONS', I also retrieve 'PROPPATCH', 'MKCOL', 'PROPPATCH',
'PROPFIND' and some more.


----entry in Application event log--------------------------

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 20.02.2006 23:51:13
Event time (UTC): 20.02.2006 22:51:13
Event ID: 6c0c170c49ce4b1c835f43bb5545eae2
Event sequence: 37024
Event occurrence: 73
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/512649521/Root-1-127848542499800179
Trust level: Full
Application Virtual Path: /
Application Path: ...
Machine name: ...

Process information:
Process ID: 1412
Process name: w3wp.exe
Account name: NT-AUTORITÄT\NETZWERKDIENST

Exception information:
Exception type: HttpException
Exception message: Path 'OPTIONS' is forbidden.

Request information:
Request URL: http://.../
Request path: /
User host address: ...
User:
Is authenticated: False
Authentication Type:
Thread account name: NT-AUTORITÄT\NETZWERKDIENST

Thread information:
Thread ID: 5
Thread account name: NT-AUTORITÄT\NETZWERKDIENST
Is impersonating: False
Stack trace: at
System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext context)
at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)


Custom event details:

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter
http://go.microsoft.com/fwlink/events.asp.

------------------------------------------------------------
 
T

Trevor Benedict R

They look like verbs that are refused by IIS because they do not have an
association setup in IIS. You can look at the IIS Log and gather more
information as to the request that was refused and post that here.

Regards,

Trevor Benedict R
MCSD
 
S

Steven Cheng[MSFT]

Hi Dieter,

As Trevor has said, the http verbs you posted seems non-ASP.NET specific
ones, some ones like PROPPATCH are http webdav verbs. Are you sure the
client is using webbrowser to visit the web pages in your ASP.NET web
applcations? Also, the Application_Error handler can only capture
exceptions which occur during the ASP.NET serverside pipeline, and the
error you encountere occurs before the request being processed in the
pipeline, that's why the Application_Error dosn't capture it.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
G

Guest

Hello Trevor,

thanks for your feedback.
Here are some lines of my IIS server log file:

2006-02-21 20:01:09 W3SVC512649521 xxx xxx OPTIONS / - 80 -xxx.xxx.xxx.xxx
HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 302 0 0 406 147 281
2006-02-21 20:01:09 W3SVC512649521 xxx xxx OPTIONS /error.aspx
aspxerrorpath=/ 80 - xxx.xxx.xxx.xxx HTTP/1.1
Microsoft-WebDAV-MiniRedir/5.1.2600 - - 200 0 64 0 173 203
2006-02-21 20:01:09 W3SVC512649521 xxx xxx PROPFIND /ofcscan - 80 -
xxx.xxx.xxx.xxx HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 302 0 0 420
165 328
2006-02-21 20:01:11 W3SVC512649521 xxx xxx .52 PROPFIND /error.aspx
aspxerrorpath=/ofcscan 80 - xxx.xxx.xxx.xxx /1.1
Microsoft-WebDAV-MiniRedir/5.1.2600 - - 200 0 0 31813 191 1218

2006-02-21 20:01:48 W3SVC512649521 xxx xxx GET
/officescan/cgi/cgiOnStart.exe
UID=11111111-5555-1111-1111-111111111111&DATE=20060221&TIME=210147&COMPUTER=ET215&PLATFORM=Windows%20NT%205%2e1%2e2600&IP=192.168.x.xx&PTNFILE=322100&PROGRAM=5.58&ENGINE=8.000&ENCY=35&DOMAIN=xxxxxx&HOTFIX=20051205223206&INSTDATE=20030724&INSTTIME=143756&MOBILE=0&RELEASE=5.58&OPPSTATUS=0
80 - xxx.xxx.xxx.xxx HTTP/1.1 TMhtload/1.31.00.1234 - - 404 0 0 1795 516 218

It really seems that those requests are WebDAV requests.

/officescan/cgi/cgiOnStart.exe might be TrendMicro VirusScan.
The DOMAIN=xxxxxx in the query string gave me a hint: I know that the client
has the same domain name xxxxxx for his internal network as well as for the
(hosted) webserver. Probably WebDAV requests should stay in the local network
but are routed to the webserver.


Best regards,
Dieter
 
G

Guest

Hello Steven,

please see my previous reply to Trevor. Really seems that WebDAV requests
are erroneously routed to the weberver.
Also, the Application_Error handler can only capture
exceptions which occur during the ASP.NET serverside pipeline, and the
error you encountere occurs before the request being processed in the
pipeline, that's why the Application_Error dosn't capture it.

Actually, my Application_Error does capture those exceptions.
I guess the reason for this is that I have added a wildcard application
mapping in IIS for aspnet_isapi.dll. I need this to protect all file types
with Forms Auth.

Best regards,
Dieter
 
S

Steven Cheng[MSFT]

Thank you for the response.

Since you've mapped all the wildcard application extension to the ASP.NET
extension, that makes some sense that your application recieve many
unexpected http requests. Anyway, if you manually forward some non-ASP.NET
friendly requests to asp.net runtime, you need to make sure you have proper
ASP.NET httphandlers to handle them.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Joined
Sep 20, 2008
Messages
11
Reaction score
0
The answer

Unfortunately, telling someone they need the proper handlers to handle their requests/file types doesn't tell someone what those proper handlers are. I found the answer I was looking for on another site and came back to share, since I think someone finding this thread with this same issue deserve as much:

For me, I was trying to serve a CSV file and got the Path 'OPTIONS' is forbidden error in my Event Log when I hyperlinked to it from my Default.aspx page and clicked that link. Funny thing is that I could still get my CSV file... anyway... It seems instead of a "GET", which I did have handled in my web.config file, IIS was using this "action" or "verb" 'OPTIONS' that I had no clue about. Why it has to use 'OPTIONS' instead of 'GET', well that's for the MS reps to tell us, I guess... anyway...

I added this to my web.config in the <configuration><system.web><httpHandlers>
section:

<add path="*" verb="OPTIONS" type="System.Web.DefaultHttpHandler" validate="true"/>

That way, as it was explained on the site where I found it, IIS is handling the serving, not the .NET Framework, WebDAV, or anything else.

-Tom
 
Joined
Apr 14, 2011
Messages
1
Reaction score
0
I get Path 'MKCOL' is forbidden

This has stumped me for a few days and I found this thread, and hopefully some of you can help me.

I basically get Path 'MKCOL' is forbidden error when my WebDAV client sends a MKCOL request.

What's weird about this is that other WebDAV specific requests such as COPY, LOCK, UNLOCK requests pass and return proper responses.

It is just MKCOL that is not working.

I was using custom HttpModule before, and did not give me any issue with MKCOL.
but now I have switched to HttpHandler, and everything works but MKCOL.

MKCOL returns 405 Method Not Allowed response when it tries to create a collection on an existing collection, but this is not my case.

Any idea from anyone?
 
Last edited:

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top