ISAPI and CGI restrictions are request handlers that allow dynamic content to be executed on the server. These restrictions are CGI files (. exe) or ISAPI extensions (. dll). If the IIS configuration system allows you to add custom ISAPI or CGI restrictions, then we can add them.
(i) Add ISAPI or CGI restrictions
Using ISAPI and CGI restrictions, you can control whether dynamic content is provided. On the server, dynamic content exists in the form of a CGI file (. exe) or an ISAPI extension (. dll). The implementation steps are as follows:
1. Open IIS Manager, and then navigate to the level you want to configure.
2. In the feature view, double-click ISAPI and CGI restrictions.
3. In the actions pane, click Add.
4. Type the path to the. dll or. exe file in the ISAPI or CGI path text box in the Add ISAPI or CGI Restrictions dialog box, or click the browse button (...) to navigate to the location of the file.
5. In the Description text box, type a brief description of the restrictions.
6. Check "Allow extended paths to be executed" to allow restrictions to run automatically. If this option is not selected, the Restricted status defaults to Disallowed. Later, you can allow the restriction by selecting the limit and clicking Allow in the Actions pane.
7. Click OK.
(ii) Editing ISAPI or CGI restrictions
You need to edit these restrictions if you want to change the location or description of the. exe or. dll file, or to change the state of the ISAPI or CGI restrictions. The specific steps are as follows:
1. Open IIS Manager, and then navigate to the level you want to configure.
2. In the feature view, double-click ISAPI and CGI restrictions.
3. Select a constraint from the list, and then click Edit in the Actions pane.
4. (optional) in the edit ISAPI or CGI Restrictions dialog box, in the ISAPI or CGI path text box, type a new path to the. dll or. exe file, or click the browse button (...) to navigate to the location of the file.
5. (optional) In the Description text box, type a new description of the restriction.
6. Optionally, select "Allow extended paths to be executed" to allow the CGI or ISAPI restrictions to run. If this option is not selected, the Restricted status defaults to Disallowed. Later, you can change the state of the restriction by selecting the limit and clicking Allow or deny in the actions pane.
7. Click OK.
(iii) Removal of ISAPI or CGI restrictions
If you no longer need to provide a content type defined by a specific ISAPI or CGI restriction, you can remove the restriction from the list of restrictions on the server.
1. Open IIS Manager, and then navigate to the level you want to configure.
2. In the feature view, double-click ISAPI and CGI restrictions.
3. Select a limit from the list.
4. In the actions pane, click Delete.
5. In the Confirm Deletion dialog box, click Yes.
(iv) Set the unspecified file name extension to run on the WEB server
If you are running IIS 7.0 in ISAPI mode, you can allow files (that is, all executables) that do not specify a file name extension to run on the WEB server. If you are running IIS 7.0 in Integrated mode, this feature is not available.
Open IIS Manager, and then navigate to the level you want to configure.
2. In the feature view, double-click ISAPI and CGI restrictions.
3. On the Operations page, click Edit Feature Settings.
4. You can also select the Allow unspecified CGI module in the edit ISAPI and CGI Restriction Settings dialog box to allow unspecified CGI modules.
5. You can also select the Allow Unspecified ISAPI module to allow unspecified ISAPI modules.
6. Click OK.