Tuesday, March 15, 2005

Active Server Pages error ''ASP 0131'' - Disallowed Parent Path The Include file cannot contain ''..'' to indicate the parent directory.

Apparently IIS configuration on a Windows 2003 server disallows the usage of ".." in ASP include files. You can easily solve it in this way

1. Go to your IIS Manager
2. Right click your web site
3. Choose Properties >
4. Select Home Directory Tab
5. Click ‘Configuration’ button
6. Select App Options Tab
7. Check the Enable Parent Paths
8. Click OK and your new configuration will be saved.

1 comment:

Bart said...

By default, Enable parent paths is set to no. When Enable parent paths is set to no, a FileSystemObject object instantiated by an ASP application is limited to that application’s defined directory. This is the most secure setting and is appropriate for most shared Web hosting environments.

When Enable parent paths is set to yes, the FileSystemObject object can access files outside the ASP application directory. In this scenario, ASP developers can use the "../" syntax in #include statements to access any file outside of the Web directory that the ASP Server has file system permission to read.

Caution ; Changing Enable parent paths to yes can affect the security of your server. Before you change this setting, make sure that the ASP Server has permission to access only the files you want to be publicly accessible, and that it does not have access to sensitive files containing configuration or password information. You can restrict the permissions of the ASP Server by defining the user it runs under, and making sure that that user has appropriately restricted file system permissions.
Note The Enable parent paths setting does not add any restrictions to executing Java code. For example, if you want to restrict Java code to access files within the application directory, the proper permissions should be in the bean.policy file.