Ensure notlistedisapisallowed option is set to false
The notListedIsapisAllowed
attribute is a server-level setting located in
the ApplicationHost.config file in the
<isapiCgiRestriction>
element of the
<system.webServer>
section under
<security>
. This element ensures that malicious users cannot
copy unauthorized ISAPI binaries to the Web server and then run them. It is recommended
that notListedIsapisAllowed
be set to false.
To use IIS Manager to set the notListedIsapisAllowed
attribute to
false:
- Open IIS Manager as Administrator.
- In the Connections pane on the left, select server to be configured.
- In Features View, select ; in the Actions pane, select .
- In the Actions pane, select .
- In the Edit ISAPI and CGI Restrictions Settings dialog, clear the Allow unspecified ISAPI modules check box, if checked.
- Click .