AspEnableParentPaths

The AspEnableParentPaths property specifies whether an ASP page allows paths relative to the current directory (using the ..\ notation) or above the current directory. If set to true, this property constitutes a potential security risk, because an include path could access critical or sensitive data files outside the root directory of the application if strong ACLs are not set on those files.

IIS 6.0 and later: To increase security, parent paths are disabled by default. This can potentially break upgraded Web sites that use the ..\ notation or include files from parent directories.

This property is an application-level property.

Schema Attributes

Attribute Name	Value
ADSI/WMI Data Type	BOOL
ABO Data Type	DWORD_METADATA
Schema Default	FALSE
Internal Default	FALSE
Upper Bound	0
Lower Bound	Not specified
Internal ID	7008
Friendly ID	MD_ASP_ENABLEPARENTPATHS
Property Attributes	INHERIT
User Type	ASP_MD_UT_APP

Configurable Locations

You can configure this property at the following locations in the IIS metabase.

Metabase Path	IIS Admin Object Type
/LM/W3SVC	IIsWebService
/LM/W3SVC/n	IIsWebServer
/LM/W3SVC/n/ROOT/physical_directory_name /LM/W3SVC/n/virtual_directory_name/physical_directory_name	IIsWebDirectory
/LM/W3SVC/n/ROOT /LM/W3SVC/n/ROOT/virtual_directory_name	IIsWebVirtualDir

Flags

There are no flags for this property.

Requirements

Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

See Also