Settings May Not Be Applied with URL with Short Filename

 Last reviewed: February 10, 1998
Article ID: Q179148
The information in this article applies to:
  • Microsoft Internet Information Server version 4.0
  • Microsoft Personal Web Server version 4.0 on Microsoft Windows NT Workstation version 4.0

SYMPTOMS

Microsoft has been made aware of an issue in Internet Information Server (IIS) 4.0 and Personal Web Server (PWS) 4.0 in which certain configuration settings may not be applied when a URL with short file name equivalents is requested. These configuration setting include restricting access by IP address, PICS ratings, and requiring SSL encryption. Windows NT file permissions (ACLs) are not affected.

Users are able to access certain directories or files through IIS 4.0 or PWS 4.0 and bypass specific security settings, such as SSL encryption.

CAUSE

The Windows NT and Windows 95 file systems (FAT, FAT32, and NTFS) support file names of up to 255 characters. To maintain compatibility with older, non 32-bit applications, a short file name (called the 8.3 file name) is created for each file. This short file name equivalent is used by older applications to access directories and files with long names. IIS 4.0 and PWS 4.0 maintain certain configuration information about directories and files in a database called the metabase. The metabase does not contain file permissions, but rather Web server-specific information such as requiring SSL encryption, proxy cache setting, and PICS ratings. Actual file and directory permissions are enforced by NTFS and are not affected by this problem.

In certain cases when a URL is requested using the short file name, it is possible that configuration properties specified in the metabase may not be applied as expected. This issue only occurs where long file names are used for directories or files, and specific metabase configuration properties are set on those directories or files. File permissions by a user or group using NTFS access control lists (ACL) are not affected.

STATUS

NOTE: The supported fix is for IIS and PWS on Windows NT Workstation. A fix for PWS on Microsoft Windows 95 is still pending.

Microsoft has confirmed this to be a problem in Microsoft Internet Information Server version 4.0 and Personal Web Server version 4.0.

A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix.

The fix is available at the following location: 

   ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/usa/security/sfn-fix
Please contact Microsoft Technical Support for more information.

Additional query words: 8.3 tilde
Keywords : iissecurity
Version : WinNT:4.0
Platform : winnt
Issue type : kbbug
Solution Type : kbpending kbworkaround

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: February 10, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.