WebResource.axd returning 404

Oct 14, 2009 at 5:42 AM


I have been using the ISAPI filter on a few site I host, so first of all THANK YOU for writing this piece of software to secure sites that are not aging well, or have not been written by developers with security in mind.

However, I recently decided to turn this filter on a .Net 2.0 web app and something weird is happening as a result, all the WebResource.axd calls are returning 404. Here is an example request:


Any ideas on what might be going on?

FYI, it happens on other requests like /ScriptResource.axd

Thank you in advance for any pointers.



Oct 14, 2009 at 6:24 AM

Add *.axd in the exclusion list.

Oct 16, 2009 at 3:34 AM

Hmmm.... I did and restarted IIS, and still no luck. DotNet 2.0 sites in IIS still don't work right, by serving 404s for all the *.axd...

Any other ideas? I did turn on logging on verbose and I don't see anything but that the filter started, that's it.

Oct 16, 2009 at 4:14 PM

Try this:

When you add the wildcard mapping in IIS (see video for details) you have a check box that reads "Check if file exists", if you check it it will probaby solve the problem.

To have logging working you have to make sure the user in user identity in the application pool has rights in the log folder.

Oct 20, 2009 at 5:16 AM

This worked!!! Thank you so much. Kudos to you or anybody that helped making this ISAPI filter, it's been a life safer for those small legacy apps that nobody wants to go redo and secure from all those evil worms ;)

Oct 20, 2009 at 5:33 AM

I wrote this ISAPI by myself. I asked someone else (very capable) to help me but he could not engage :)

I still have some tweaks but no time to work on this :(