"Path 'POST' is forbidden"

Discussion in 'ASP .Net Security' started by Ollie, Aug 12, 2004.

  1. Ollie

    Ollie Guest

    I have wrriten a reverse proxy for a client of mine, this reverse proxy
    takes the url takes it attempt to access a *.XXXX and returns the the
    contents of an aspx web page from another internal server, the user then
    clicks on a button on the page that then posts data to the reverse proxy and
    it routes to the correct page by creating a web request and setting the
    method to post. (the reverse proxy is written using the IHttpHandler
    interface in .Net).

    This all works in development and UAT but fails in production giving the
    following error (see below) all servers are windows 2003 server with IIS6.0.
    I realise this must be a configuration issue, the configs are the same for
    production, dev & UAT machines.

    Anyone got any suggestions?

    Cheers

    Ollie


    Path 'POST' is forbidden.
    Description: An unhandled exception occurred during the execution of the
    current web request. Please review the stack trace for more information
    about the error and where it originated in the code.

    Exception Details: System.Web.HttpException: Path 'POST' is forbidden.

    Source Error:

    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:

    [HttpException (0x80004005): Path 'POST' is forbidden.]
    System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext context)

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
    p.Execute()
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously) +87
    Ollie, Aug 12, 2004
    #1
    1. Advertising

  2. Ollie

    Joerg Jooss Guest

    Ollie wrote:
    > I have wrriten a reverse proxy for a client of mine, this reverse
    > proxy takes the url takes it attempt to access a *.XXXX and returns
    > the the contents of an aspx web page from another internal server,
    > the user then clicks on a button on the page that then posts data to
    > the reverse proxy and it routes to the correct page by creating a web
    > request and setting the method to post. (the reverse proxy is written
    > using the IHttpHandler interface in .Net).
    >
    > This all works in development and UAT but fails in production giving
    > the following error (see below) all servers are windows 2003 server
    > with IIS6.0. I realise this must be a configuration issue, the
    > configs are the same for production, dev & UAT machines.
    >
    > Anyone got any suggestions?
    >
    > Cheers
    >
    > Ollie
    >
    >
    > Path 'POST' is forbidden.
    > Description: An unhandled exception occurred during the execution of
    > the current web request. Please review the stack trace for more
    > information about the error and where it originated in the code.
    >
    > Exception Details: System.Web.HttpException: Path 'POST' is forbidden.
    >
    > Source Error:
    >
    > An unhandled exception was generated during the execution of the
    > current web request. Information regarding the origin and location of
    > the exception can be identified using the exception stack trace below.
    >
    > Stack Trace:
    >
    > [HttpException (0x80004005): Path 'POST' is forbidden.]
    > System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext
    > context)
    >
    >

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
    > p.Execute()
    > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > completedSynchronously) +87


    It seems that in your web.config you're missing your handler's entry in the
    <httpHandlers> section or it's does not say <add verb="*" ...> or <add
    verb="GET,HEAD,POST" ...>.

    Cheers,
    --
    Joerg Jooss
    Joerg Jooss, Aug 13, 2004
    #2
    1. Advertising

  3. Ollie

    Ollie Guest

    Joerg,

    I have added the HttpHandler in the definition to the web config....

    <add verb="*" path="uat.XXXXX" type="HttpHandlers.XXXXX, HttpHandlers"/>

    Cheers anyway

    Ollie


    "Joerg Jooss" <> wrote in message
    news:...
    > Ollie wrote:
    > > I have wrriten a reverse proxy for a client of mine, this reverse
    > > proxy takes the url takes it attempt to access a *.XXXX and returns
    > > the the contents of an aspx web page from another internal server,
    > > the user then clicks on a button on the page that then posts data to
    > > the reverse proxy and it routes to the correct page by creating a web
    > > request and setting the method to post. (the reverse proxy is written
    > > using the IHttpHandler interface in .Net).
    > >
    > > This all works in development and UAT but fails in production giving
    > > the following error (see below) all servers are windows 2003 server
    > > with IIS6.0. I realise this must be a configuration issue, the
    > > configs are the same for production, dev & UAT machines.
    > >
    > > Anyone got any suggestions?
    > >
    > > Cheers
    > >
    > > Ollie
    > >
    > >
    > > Path 'POST' is forbidden.
    > > Description: An unhandled exception occurred during the execution of
    > > the current web request. Please review the stack trace for more
    > > information about the error and where it originated in the code.
    > >
    > > Exception Details: System.Web.HttpException: Path 'POST' is forbidden.
    > >
    > > Source Error:
    > >
    > > An unhandled exception was generated during the execution of the
    > > current web request. Information regarding the origin and location of
    > > the exception can be identified using the exception stack trace below.
    > >
    > > Stack Trace:
    > >
    > > [HttpException (0x80004005): Path 'POST' is forbidden.]
    > > System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext
    > > context)
    > >
    > >

    >

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
    > > p.Execute()
    > > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > > completedSynchronously) +87

    >
    > It seems that in your web.config you're missing your handler's entry in

    the
    > <httpHandlers> section or it's does not say <add verb="*" ...> or <add
    > verb="GET,HEAD,POST" ...>.
    >
    > Cheers,
    > --
    > Joerg Jooss
    >
    >
    Ollie, Aug 13, 2004
    #3
  4. Ollie

    Ollie Guest

    correction, I had already added this line to the web.config so this is no
    the answer

    Ollie



    "Ollie" <> wrote in message
    news:%...
    > Joerg,
    >
    > I have added the HttpHandler in the definition to the web config....
    >
    > <add verb="*" path="uat.XXXXX" type="HttpHandlers.XXXXX, HttpHandlers"/>
    >
    > Cheers anyway
    >
    > Ollie
    >
    >
    > "Joerg Jooss" <> wrote in message
    > news:...
    > > Ollie wrote:
    > > > I have wrriten a reverse proxy for a client of mine, this reverse
    > > > proxy takes the url takes it attempt to access a *.XXXX and returns
    > > > the the contents of an aspx web page from another internal server,
    > > > the user then clicks on a button on the page that then posts data to
    > > > the reverse proxy and it routes to the correct page by creating a web
    > > > request and setting the method to post. (the reverse proxy is written
    > > > using the IHttpHandler interface in .Net).
    > > >
    > > > This all works in development and UAT but fails in production giving
    > > > the following error (see below) all servers are windows 2003 server
    > > > with IIS6.0. I realise this must be a configuration issue, the
    > > > configs are the same for production, dev & UAT machines.
    > > >
    > > > Anyone got any suggestions?
    > > >
    > > > Cheers
    > > >
    > > > Ollie
    > > >
    > > >
    > > > Path 'POST' is forbidden.
    > > > Description: An unhandled exception occurred during the execution of
    > > > the current web request. Please review the stack trace for more
    > > > information about the error and where it originated in the code.
    > > >
    > > > Exception Details: System.Web.HttpException: Path 'POST' is forbidden.
    > > >
    > > > Source Error:
    > > >
    > > > An unhandled exception was generated during the execution of the
    > > > current web request. Information regarding the origin and location of
    > > > the exception can be identified using the exception stack trace below.
    > > >
    > > > Stack Trace:
    > > >
    > > > [HttpException (0x80004005): Path 'POST' is forbidden.]
    > > > System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext
    > > > context)
    > > >
    > > >

    > >

    >

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
    > > > p.Execute()
    > > > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > > > completedSynchronously) +87

    > >
    > > It seems that in your web.config you're missing your handler's entry in

    > the
    > > <httpHandlers> section or it's does not say <add verb="*" ...> or <add
    > > verb="GET,HEAD,POST" ...>.
    > >
    > > Cheers,
    > > --
    > > Joerg Jooss
    > >
    > >

    >
    >
    Ollie, Aug 13, 2004
    #4
  5. Ollie

    Jerry Pisk Guest

    Of course it isn't. Asp.Net will not let you handle POST requests when you
    specify a single path in your handler definition. If you want to handle POST
    requests you have to use wildcard extension mapping. I can't think of a
    reason why would they ever do this but hey, it's Microsoft. There's nothing
    you can do about this AFAIK, short of re-writing the Asp.Net runtime.

    Oh and this is a Asp.Net problem, not CLR problem, not IIS problem and
    definitely not IIS Security problem.

    Jerry

    "Ollie" <> wrote in message
    news:...
    > correction, I had already added this line to the web.config so this is no
    > the answer
    >
    > Ollie
    >
    >
    >
    > "Ollie" <> wrote in message
    > news:%...
    >> Joerg,
    >>
    >> I have added the HttpHandler in the definition to the web config....
    >>
    >> <add verb="*" path="uat.XXXXX" type="HttpHandlers.XXXXX, HttpHandlers"/>
    >>
    >> Cheers anyway
    >>
    >> Ollie
    >>
    >>
    >> "Joerg Jooss" <> wrote in message
    >> news:...
    >> > Ollie wrote:
    >> > > I have wrriten a reverse proxy for a client of mine, this reverse
    >> > > proxy takes the url takes it attempt to access a *.XXXX and returns
    >> > > the the contents of an aspx web page from another internal server,
    >> > > the user then clicks on a button on the page that then posts data to
    >> > > the reverse proxy and it routes to the correct page by creating a web
    >> > > request and setting the method to post. (the reverse proxy is written
    >> > > using the IHttpHandler interface in .Net).
    >> > >
    >> > > This all works in development and UAT but fails in production giving
    >> > > the following error (see below) all servers are windows 2003 server
    >> > > with IIS6.0. I realise this must be a configuration issue, the
    >> > > configs are the same for production, dev & UAT machines.
    >> > >
    >> > > Anyone got any suggestions?
    >> > >
    >> > > Cheers
    >> > >
    >> > > Ollie
    >> > >
    >> > >
    >> > > Path 'POST' is forbidden.
    >> > > Description: An unhandled exception occurred during the execution of
    >> > > the current web request. Please review the stack trace for more
    >> > > information about the error and where it originated in the code.
    >> > >
    >> > > Exception Details: System.Web.HttpException: Path 'POST' is
    >> > > forbidden.
    >> > >
    >> > > Source Error:
    >> > >
    >> > > An unhandled exception was generated during the execution of the
    >> > > current web request. Information regarding the origin and location of
    >> > > the exception can be identified using the exception stack trace
    >> > > below.
    >> > >
    >> > > Stack Trace:
    >> > >
    >> > > [HttpException (0x80004005): Path 'POST' is forbidden.]
    >> > > System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext
    >> > > context)
    >> > >
    >> > >
    >> >

    >>

    > System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
    >> > > p.Execute()
    >> > > System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
    >> > > Boolean&
    >> > > completedSynchronously) +87
    >> >
    >> > It seems that in your web.config you're missing your handler's entry in

    >> the
    >> > <httpHandlers> section or it's does not say <add verb="*" ...> or <add
    >> > verb="GET,HEAD,POST" ...>.
    >> >
    >> > Cheers,
    >> > --
    >> > Joerg Jooss
    >> >
    >> >

    >>
    >>

    >
    >
    Jerry Pisk, Aug 14, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jack

    Path 'POST' is forbidden

    jack, Dec 11, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    477
  2. Ollie

    "Path 'POST' is forbidden"

    Ollie, Aug 12, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    532
    Jerry Pisk
    Aug 14, 2004
  3. =?Utf-8?B?R2VvZmYgTXVybGV5?=

    Path 'POST' is forbidden

    =?Utf-8?B?R2VvZmYgTXVybGV5?=, Mar 14, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    667
    =?Utf-8?B?R2VvZmYgTXVybGV5?=
    Mar 14, 2006
Loading...

Share This Page