Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Receiving "Path 'OPTIONS' is forbidden." Exception in ASP.NET website

Tags:

http

exception

asp.net

httphandler

I am getting the error System.Web.HttpException: Path 'OPTIONS' is forbidden. since we moved our website over to a new server setup. I am unable to recreate the error but I am receiving emails for this exception at least a few times a day. Any ideas what could be causing this and how I can fix it?

EDIT: Stack Trace:

at System.Web.HttpMethodNotAllowedHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

There are no directories or files named OPTIONS and I believe all permissions are correct. I am finding some information about a possible link to EXCEL getting data from the webserver, but nothing that full explains how or what is happening yet.

EDIT AGAIN: Seems this has to do with Excel files opening in Internet Explorer..

like image 990
Greg Avatar asked May 12 '10 14:05

Greg

2 Answers

OPTION is a verb used by "Microsoft Data Access Internet Publishing Provider Protocol Discovery" (Part of MS Office) to make request when a user opens a URL from inside office applications.

You should be able to re-create the issue by going File>Open in Word/Excel 2003 and above and specifying the full URL of the file. Alternatively by placing a link to an excel file on your server in an office document and clicking it.

You can fix it by adding this to your web.config file with additional lines for each file type:

<httpHandlers>
  <add verb="*" path="*.xls" type="System.Web.StaticFileHandler" />
  <add verb="*" path="*.xlsx" type="System.Web.StaticFileHandler" />
</httpHandlers>
like image 149
John Avatar answered Nov 15 '22 18:11

John

Are you getting any user error reports or similar. OPTIONS is an http verb that is used to find outthe capabilities of the server. It sounds like your new web server is not configured to allow this verb, probably for security reasons. A normal web request from a browser would not use this verb and it is often used by malware/bots scanning web servers for vulnerabilities to exploit.

like image 43
Ben Robinson Avatar answered Nov 15 '22 18:11

Ben Robinson
Sign in to Comment

Related questions

Cannot launch asp.net core web app in IIS Express
Implementing External Authentication for Mobile App in ASP.NET WebApi 2
ASP.NET MVC2 with Entity Framework 4 - AsEnumerable() or ToList() in repository?
Multiple paths in location element of web.config
Access session data from another thread
Force ASP.Net MVC Bundle to render the javascript files in a certain order
What is the equivalent of viewstate in ASP.net MVC [closed]
Why are these two methods not ambiguous?
Which ORM should i be using for .Net in 2016 to talk to SQL server? [closed]
Set response status in ASP.NET core middleware
Run Angular and ASP.NET Web API on the same port
How do I bind a repeater to a List<Person> to also update the bound items? (2-way)
disable asp.net validator using jquery
the best way to connect sql server (Windows authentication vs SQL Server authentication) for asp.net app
How to prevent multiple browser windows from sharing the same session in asp.net
ASP.NET connection string metadata syntax
How to close the parent window from its child?
User Control Inside Repeater
ASP.NET Web API IExceptionLogger doesn't catch exceptions
How to determine total size of ASP.Net cache?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!