Re: Using "../" in Includes.

From: Kristofer Gafvert (kgafvert_at_NEWSilopia.com)
Date: 02/12/04


Date: Thu, 12 Feb 2004 08:00:31 +0100


IIS 6 is locked down by default. Parent Paths is a way for a hacker to
navigate to a folder on the web server that has execute permissions, and in
that way execute scripts that you normally shouldn't and wouldn't execute.
If you enable this, make sure that you do not give execute permissions to a
parent folder. To enable Parent Paths, follow these steps:

  a. Click Start->Programs->Administrative Tools->Internet Information
     Services
  b. Expand Web Sites and right-click the web site you want to enable this
     for (i.e. Default Web Site), click Properties
  c. Click the Home directory tab and click the Configuration button
  d. Click on the Options tab
  e. Check the box Enable Parent Paths

-- 
Regards,
Kristofer Gafvert - IIS MVP
Reply to newsgroup only. Remove NEWS if you must reply by email, but please
do not.
www.ilopia.com - FAQ and Tutorials for Windows Server 2003
"Just me" <anonymous@discussions.microsoft.com> wrote in message
news:7B58FAD0-1CAC-40BC-AF8C-12D8F49FE383@microsoft.com...
> I have a website that had basically been untouched for quite some time. The
> host upgraded their internal servers to 2003 and IIS 6. Any pages where I
> use:
> <!--#Include File="../directory/filename.asp"-->
> Are no longer valid (working).
>
> I changed the Includes to:
> <!--#Include Virtual="/directory/filename.asp"-->
>
> I've used the virtual name of our physical directory as it appears in FTP
> but that doesn't work. I even tried pulling it all the way back to inetpub
> and that still doesn't work. What do I need to do for this to function
> again? Am I even going about it properly? I emailed the host, I have no
> response. Although it doesn't affect the whole site, it does affect the site
> and it would be nice if everything functioned the way it's intended. Any
> help would be greatly appreciated.
>
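
An added example, not part of either post: a small Python helper that rewrites `#include file` directives containing `..` into root-relative `#include virtual` directives, so that Parent Paths can stay disabled. It assumes the page's URL path within the site is known and that the site root maps to `/`; the function name, the sample page and the `/shop/cart.asp` path are hypothetical.

```python
import posixpath
import re

# Classic ASP include directive, e.g. <!--#include file="../dir/page.asp"-->
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)

# Constructed sample page (hypothetical file names, except the first include,
# which is the one quoted in the thread).
SAMPLE = (
    '<!--#Include File="../directory/filename.asp"-->\n'
    '<!--#include file="header.asp"-->\n'
    '<!--#include file="../../../secret.inc"-->\n'
)


def rewrite_parent_includes(page_url_path, source):
    """Turn file includes that use ".." into root-relative virtual includes.

    page_url_path is the page's URL path in the site, e.g. "/shop/cart.asp".
    Returns (new_source, findings), findings being (directive, result) pairs.
    """
    page_dir = posixpath.dirname(page_url_path)
    findings = []

    def fix(match):
        kind = match.group(1).lower()
        segments = match.group(2).replace("\\", "/").split("/")
        if kind != "file" or ".." not in segments:
            return match.group(0)  # no parent path involved: leave untouched
        parts = [p for p in page_dir.split("/") if p]
        for seg in segments:
            if seg == "..":
                if not parts:  # climbs above the site root: needs manual review
                    findings.append((match.group(0), "escapes site root"))
                    return match.group(0)
                parts.pop()
            elif seg not in ("", "."):
                parts.append(seg)
        virtual = "/" + "/".join(parts)
        findings.append((match.group(0), virtual))
        return '<!--#include virtual="%s"-->' % virtual

    return INCLUDE_RE.sub(fix, source), findings


if __name__ == "__main__":
    for directive, result in rewrite_parent_includes("/shop/cart.asp", SAMPLE)[1]:
        print(directive, "->", result)
```

The rewritten path is resolved by IIS against the site's virtual root, not against the FTP or physical folder layout. Includes reported as escaping the site root are left unchanged for manual review.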