POST 403 Forbidden for ScriptResource.axd

1

We're running into a strange issue with the development version of one of our websites. When triggering a postback on the page through a DropDownList OnChange event, the following error is displayed in the browser console:

POST <URL here> 403 (Forbidden)
Uncaught #<Error>

Viewing the generated IIS error page is not helpful. It indicates the following:

Module  ManagedPipelineHandler
Notification    ExecuteRequestHandler
Handler PageHandlerFactory-Integrated-4.0
Error Code  0x00000000

This is for a ScriptResource.axd. Now here's the strange part: this issue didn't start happening until our other developer started publishing the site. Previously, I was publishing it with no issues. There have been no web.config changes (in fact, it's identical to our production web.config, which works perfectly). I've scoured the web for clues regarding why we would be getting this issue, and it seems to be mostly related to either the <handlers> section in <system.webServer>, or the <httpHandlers> in <system.web>. The relevant sections are listed below:

<httpHandlers>
  <remove verb="*" path="*.asmx" />
  <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
</httpHandlers>

<handlers>
  <remove name="WebServiceHandlerFactory-Integrated" />
  <remove name="ScriptHandlerFactory" />
  <remove name="ScriptHandlerFactoryAppServices" />
  <remove name="ScriptResource" />
  <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</handlers>

From what I've seen, this appears to match what other users say works well for them. One interesting thing of note is that the 403 Forbidden appears to be on POST. I did try adding POST as a verb in both of those locations for ScriptResource.axd, but this did not work either.

The website is hosted in IIS 7.5 under an Application Pool using Network Service. Network Service does have full control under the root folder for the website.

At this point, I'm at a complete loss as to what could be causing our bizarre issue.

asp.net
iis-7.5
asked on Stack Overflow Feb 17, 2016 by user1888527 • edited Feb 17, 2016 by user1888527

2 Answers

1

I had the same issue on the plesk hosting server, after tracing the request and check why it return 403 access is denied error i found that the hosting server has web application firewall (WAF) installed and this firewall block these request so you need to add rule to allow these request or turn it off.

answered on Stack Overflow Jan 15, 2020 by A.Awada
0

My Hosting use Plesk and I also met this issue after they upgrade the server.

After changing Web Application Firewall Mode to Off/Detection only, this issue is fixed.

enter image description here

answered on Stack Overflow Dec 30, 2020 by BluEiS

User contributions licensed under CC BY-SA 3.0