HOWTO: Allow file downloads (including .exe) on IIS 6.0

Article
07/11/2005

Variations of this question are asked of IIS 6 all the time. However, the answer is no different than for any other version of IIS other than the fact that IIS 6 gives you a distinct error code to troubleshoot. What is not clear to me is why users think that the newly introduced Web Service Extension concept has something to do with this misconfiguration... I hope someone can give me some rationale.

Question:

Hello,

What is the correct method to allow .exe files to be downloaded or run from a web site on an IIS 6.0 server?

I am currently receiving a 404.2 error message in my browser when I try to open/download the executable files, and I am not sure which Web Service Extensions configuration changes must be made to allow this.

Thanks in advance,

Answer:

Given the current phrasing of your question, there is no correct method. Downloading a .exe file is NOT the same as run from a website, as I will describe below. I'll give a short answer and then a more detailed answer.

Short Answer

Your error message indicates that you have "Scripts and Executables" enabled, so IIS is trying to execute the .exe file on the web server, and since the .exe is not allowed by any defined Web Service Extension, a 404.2 results. The corrective action depends on what you want to do.

If you want to allow .exe files to be downloaded as-is to the browser, then you must NOT have "Scripts and Executables" as Execute Permissions.
If you want to execute the .exe file on the server to generate a response that is sent to the browser (possibly interpreted as a download), then you MUST have "Scripts and Executables" as Execute Permissions, and you must enable a Web Service Extension for that .exe file.

Details

Whenever the user makes the browser request a resource like "https://server/myapp.exe", users usually want one of the following actions to happen:

Return the file contents of myapp.exe as-is to the browser (aka file download)
Execute myapp.exe on the web server to generate a dynamic response (aka execute CGI script)

Now, the web server controls which action should happen, and on IIS, this is controlled by the "Execute Permissions" property of the virtual directory containing the .exe file. If the permission is set to "Scripts and Executables", then IIS will do action #2. Otherwise, it will do action #1.

Prior to IIS 6.0, there were no further security checks against either action. On IIS 6.0, there is one additional security check, depending on the action:

For action #1, the file resource's extension (.exe in this case) must have a defined MIME Type or else a 404.3 occurs. .exe has a MIME Type of application/octet-stream by default, so file download should just work.
For action #2, there must be an enabled Web Service Extension for the full path to the .exe resource to allow IIS to execute it to generate a HTTP response or else a 404.2 occurs. For securety reasons, IIS 6 does not allow any resource to execute by default unless otherwise configured/allowed in Web Service Extension.

//David

Comments

Anonymous
July 21, 2005
Thanks this really helped resolve my problem.
Anonymous
July 22, 2005
You're welcome! This is a pretty common confusion amongst users, and I really hope this clears things up.

//David
Anonymous
August 21, 2005
Your advise helped another confused IIS user who has been searching the answer on the web for weeks. THANKS!
Anonymous
August 24, 2005
Awesome response and thank you, I have been trying for two weeks to figure out what I changed on the server to make it try and run the program on the server, but was just over looking this.
Anonymous
September 03, 2005
Barbie - I am not certain what more info you are looking for.

//David
Anonymous
October 04, 2005
The comment has been removed
Anonymous
October 04, 2005
The comment has been removed
Anonymous
October 05, 2005
The comment has been removed
Anonymous
October 06, 2005
How can I enable Web Service Extension for that .exe file?
Anonymous
December 21, 2005
Thanks... that solved a client's problem very quickly!
Anonymous
March 02, 2006
The comment has been removed
Anonymous
March 02, 2006
The comment has been removed
Anonymous
March 19, 2006
Very nice article, David, but didn't help me with one particular problem.
I have .rdp files on an IIS6 server so users can open them directly, and thereby go to their rdp session (which might be ipaddress:3390 etc)
They give the file not found error, but I can't see any mappings to them and exe's can download OK. Any ideas?
Anonymous
March 19, 2006
Yusuf - This blog entry describes what is going on and how to troubleshoot it. Please re-read the "Details" section.

You most likely need to add a MIME Type for .rdp so that it is allowed for download. The reason you didn't do this for .exe is because there is already a defined MIME Type for .exe by default.

//David
Anonymous
March 20, 2006
please tell me how to run *.exe file in server (and not download it). I am trying to figure out how to script for an application in c with *.exe (400kb) to run in a server upon query from a browser.
Anonymous
April 01, 2006
All your info is great for putting people on the right track, but you failed to mention a couple things. These two things are IIS Lockdown 2.1 and URLScan.dll. Two nifty tools, yes. But the URLScan will prevent .exe download, by its default config.

This little annoyance caused me about 30 mins of config tweaking trying to determine why my .exe's would serve. So, be adviced, look in your urlscan.ini for config options.

Thx.
Anonymous
April 01, 2006
keith - Thanks for the additions.

I just wanted to respond to your statement that I "failed to mention a couple of things".

Please note that I intentionally disregarded IIS Lockdown 2.1 and URLScan in this blog entry because:
1. Neither are installed by default on IIS6. Use on IIS6 is on a case-by-case basis.
http://www.microsoft.com/technet/security/tools/urlscan.mspx
2. Arbitrary ISAPI DLL can cause arbitrary behavior on IIS (like failure to allow EXE file downloads) for arbitrary reason. I cannot possibly write a prescriptive blog entry about an unknown arbitrary reason and how to resolve it.
3. I want to explain the IIS6 specific behavior concerning allowing EXE file downloads, which is applicable on all IIS6 servers.
4. URLScan rejections are not 404.2, which is in the original question.

In other words, if the blog entry is about "ways to resolve arbitrary unexpected 404s", then yes, I should certainly mention the valid statement that "arbitrary ISAPI Extension or ISAPI Filter, such as URLScan, can alter server behavior to result in unexpected 404s."

Now, I actually wrote this blog entry to describe a common user misunderstanding of:
1. Downloading EXE to browser vs
2. Executing EXE on server vs
3. Executing EXE on the client

Users tend to think that some combination of the above actions should "magically" happen with the exact same configuration -- obviously not possible. I wanted to point out how IIS views the requests and the configuration that allows IIS to distinguish between #1 and #2 (a key misunderstanding).

//David
Anonymous
April 12, 2006
The comment has been removed
Anonymous
April 12, 2006
chall3ng3r - I am not certain what help you need.
- ASP can use WScript.Shell to Run arbitrary executables on the server as the process identity.
- ASP.Net can use System.Activator to also invoke WScript.Shell, or it can use System.Diagnostics.Process.Start() to run arbitrary executables as the process identity.

So, the process identity needs write access to the directory to write the XML file

You can alternatively figure out these details pragmatically using FileMon from sysinternals.com.

//David
Anonymous
April 25, 2006
Possibly your .exe's can get blocked by URLScan

Then your log would contain <Rejected-By-UrlScan>
E.g.
2006-04-26 01:32:39 10.254.48.61 - 10.108.117.202 80 GET /<Rejected-By-UrlScan> ~/dir/application.exe 404

In such a case have URLScan.ini configured to allow .exe or whatever it is by following this article.
http://support.microsoft.com/kb/326444/

URLScan.ini location - %WINDIR%System32InetsrvURLscan
Log files location - %SYSTEMROOT%System32LogFilesW3SVC#.log
Anonymous
April 28, 2006
I finally have enough blog entries about various portions of IIS6 request processing that I can stitch...
Anonymous
April 29, 2006
awesome, another 10K entry!

//David
Anonymous
May 23, 2006
i had to allow .ace file download in iis6 (it was in parts, so each file had a different extension - i.e. .ace,.c01,.c02 ...). I had to do this by adding mime types in the properties of the virtual directory.
I used application/octet-stream as the mime type for each extension (ace is just another format for zipping and i'm not sure if it is correct or not) and it started working.
Anonymous
May 25, 2006
Worked great! Thanks!
Anonymous
May 28, 2006
Thanks! You just saved me a lot of time and trouble!
Anonymous
June 02, 2006
The comment has been removed
Anonymous
June 02, 2006
I want to allow download myfile.zip from the Virtual Directory.
But then trying to download I have error 404 .
If I just change extension to myfile.txt, I may normal download it.
How must I configure IIS to allow download zip file?
Anonymous
June 14, 2006
The comment has been removed
Anonymous
June 15, 2006
Thank you for this information. I was able to fix my problem in minutes. We recently switched to a new server running IIS 6 and suddenly SCR files were creating a file not found error rather than prompting users with the Run/Download option. Once I added the SCR extension with the MIME Type of application/octet-stream the Run/Download option appeared. Is there a site that lists all extensions with the appropriate associated MIME type if I identify additional extensions I need to add or is is save to just use "application/octet-stream" if I can not identify the specific MIME type?
Anonymous
June 15, 2006
The comment has been removed
Anonymous
July 02, 2006
Hi David, just want to ask how to set a .cer (X509 certificate) to be download. I've set the MIME type to application/x-x509-ca-cert, but the file show up in text.
Thanks
Anonymous
July 12, 2006
David - you should be getting paid for this kind of advice!
Anonymous
July 13, 2006
Harry - hehe... you should tell my manager that. :-)

//David
Anonymous
July 15, 2006
My Hat's off to you David. Thanks for the great advice. I too had the same trouble with .exe files and searched the net for a while before stumbling across this article. Of course, after reading through the responses, it seems more like you were being attacked instead of offering advice. Shame on those so quick to prove others wrong!!
My fix was to change the site to Scripts only. This allowed me to achieve what I desired to have them be prompted for the download of the .exe file.

Keep up the good work and Thanks again. The info was greatly appreciated!! :-)
Anonymous
July 19, 2006
The comment has been removed
Anonymous
July 20, 2006
MickeyDing - Yes, a * MIME-Type allows all files (extension *) to be transported as binary (application/octet-stream).

Default IIS6 behavior is to only allow downloads of defined MIME Types, and adding a * MIME-Type defeats that security check.

However, if your purpose is to have a download directory, then the security risk of * MIME-Type on that directory is necessary.

In other words, every single piece of functionality you enable on the web has an associated security risk. The only thing you can do is decide whether the risk is necessary, and if so, how to minimize/mitigate the risk.

//David
Anonymous
July 25, 2006
David - I am trying to download our own custom extension over .Net application. I have added it to MIME type as application/octet-stream and also to Virtual Directory as new MIME type. But still for some reason it does not get downloaded. If I change the extension for the same file .tif it gets.

Any ideas? As a test I even created a Test folder and tried to access the URL in Internet Explorer. For .tif extension it asks to open or save but for the custom extension it says page cannot be displayed.

Thanks in advance!
Anonymous
July 25, 2006
Jay - The answer depends on the handler that sends the download.

If the download of the custom extension is sent by your own application, then you are responsible for fixing the problem. MIME Type is only relevant when the IIS Static File Handler sends the resource.

You should start by troubleshooting what status/substatus is recorded for the failing request. IE says "page cannot be displayed" for many reasons, not all related to MIME Type.

In other words, setting the MIME Type does not ensure a file download. It only works if the file extension is handled by the IIS Static File Handler.

I have other related blog entries along the sidebar of my Blog to explain how IIS handles requests, how to correctly troubleshoot IIS, etc. I suggest reading them all for more info.

//David
Anonymous
August 28, 2006
David -
I have run into a situation where I can not get IIS 6 to serve up files with a .log extension.

I have a website that has a small data driven front end that lets you upload and view files stored in a share on a file server physically separate from the web server. That share is mapped to via a virtual directory on the webroot.

Every time a .log file is requested the website throws a 404 error. So I tried adding .log to the list of mime types and no I am getting a 500 error.

Any ideas?
Anonymous
September 02, 2006
Hey,
Is there any way to define "All unknown extensions" in the MIME settings to be "application/octet stream" (downloadable, I think)? I would like any files not directly recognized by IIS to be considered downloadable, any ideas?
Anonymous
September 13, 2006
The comment has been removed
Anonymous
September 13, 2006
The comment has been removed
Anonymous
September 14, 2006
I'm sure the use of adding .ICA files to web servers to launch published applications from Presentation
Anonymous
September 30, 2006
The comment has been removed
Anonymous
October 10, 2006
Please help me!!! I have lot of files on the server(it has got IIS 6.0) with different extensions(like abc.x01, xyz.x02, ddd.c12...). I have set the MIME type to .* with application/octet-stream. When I open these files from the IE, it directly opens file on the browser but I would like to have the "File Download" option, so that I can save the file instead of opening it automatically. please help me..... Many thanks Sasi.
Anonymous
October 11, 2006
The comment has been removed
Anonymous
April 19, 2007
Thank you David! It really solved my problem.
Anonymous
April 25, 2007
The comment has been removed
Anonymous
June 06, 2007
Thanks this saved me a lot of time. It reminds me why I use Linux servers. I find them easier to admin.
Anonymous
June 07, 2007
LGR - I'm glad to be able to help. However, ease of administration is relative to one's skill set. Linux and Windows simply have different usage models. For example, I'm sure I find Linux as difficult to manage as you find Windows difficult to manage. But, I respect and leverage the advantages of each platform. //David
Anonymous
July 14, 2007
OK, but... don't work with .reg files. How to allow .reg files downloads on IIS 6.0
Anonymous
July 16, 2007
Thanks, this article helped alot.
Anonymous
July 16, 2007
David, I'm trying to get IIS 6.0 to serve up MP4 files without success. I've tried all of your suggestions so far in this list (re MIME Types etc) but it still just gives a 404 error page not found. Is there anything else that could be preventing MP4 files from being served? Regards, Rod
Anonymous
July 20, 2007
RodW - Please look in the IIS log file entry for the 404 response and if it is a:

404 3 50, that is due to incorrect MIME Type configuration
404 2 1260, that is due to misconfigured Application Mapping which does not have an enabled Web Service Extension
404 0 2, that is a real "File not found".
Anything else, it has nothing to do with IIS and depends on arbitrary ISAPI software installed on your server //David

Anonymous
July 30, 2007
OK. I did this and the log says its 404 2 1260 Since MP4 files are normally played by Apple Quicktime does this mean that I have to set up a Web Service Extension for MP4 as I have done for other files (like PHP etc)? If so, which of the many Quicktime dlls do I need to specify the as the required file?
Anonymous
August 06, 2007
The comment has been removed
Anonymous
August 19, 2007
thanks, your explanation helped me figure out why web deployment of symantec was having problems. todd
Anonymous
September 01, 2007
Please help !!! Anyway we can limit the file being download by file size? For example, all file >1Mb cannot be downloaded through HTTP
Anonymous
September 03, 2007
For anyone with 404 problems, make sure that your .php string in your Website -> Configuration matches with that in your ISAPI filter (if any) and in your Web Service Extension configuration. This is the correct way to do it and far safer than just enabling all Unknown ISAPI configurations.
Anonymous
September 16, 2007
thanks, very clear explanation.
Anonymous
September 20, 2007
Thanks a lot David for these useful information. It really helped me a lot. Thanks a million again.
Anonymous
September 21, 2007
Help!! I'm using the System.Net.WebClient because I need to roll this into a DLL for VB6 programs to use. 'Download a file works great. (2 lines of code) Dim wcClient As WebClient = New System.Net.WebClient() wcClient.DownloadFile("http://X/X/1.jpg", "C:1.jpg") Upload throws a 404 0 Not Fnd. If no credential passed, throws 401 wcClient.Credentials = New NetworkCredential("UID", "PW") wcClient.UploadFile("http://X/X/1.jpg", "PUT", "C:1.jpg") Can't find answer. Localhost works fine. Must be permissions?? Created virtual dir and assigned all read/write permissions to receiving folder on server. Any ideas or suggestions would be greatly appreciated...
Anonymous
October 07, 2007
deseo obtener los beneficios del este servicio
Anonymous
October 07, 2007
deseo obtener los beneficios de este servicio downlaods
Anonymous
October 07, 2007
deseo obtener todos los beneficios del programa via downloads
Anonymous
October 08, 2007
Thanks for the solution. I 'll remember that because I spent half a day searching.
Anonymous
October 18, 2007
Thanks, this fixed my problem.
Anonymous
October 24, 2007
The comment has been removed
Anonymous
October 30, 2007
I correct the problem, thanks for fast reply Tom
Anonymous
November 13, 2007
The comment has been removed
Anonymous
November 17, 2007
The comment has been removed
Anonymous
December 06, 2007
The comment has been removed
Anonymous
December 13, 2007
hi to all, i have done one project in vb.net, i dont know how to generate exe file and setup file, please help me thanks alot
Anonymous
January 29, 2008
Great help, I was even able to use it for my problem on IIS ver 5.1 and getting my .exe file to generate a response (option #2). Many thanks!!!!!!
Anonymous
February 01, 2008
Many thanks! Couldn't figure out why we couldn't download .exe files.
Anonymous
March 02, 2008
Let me add my thanks as wellf or a concise (and very useful) answer! :D
Anonymous
March 11, 2008
Even with the shear numbers of replies to your blog, let me add my thank you as well. Your post is concise and to the point! It's unfortunate vendor product documentation can't be like this.
Anonymous
March 14, 2008
G.S.Lyon - Welcome. Glad I could help and explain things quickly and concisely. //David
Anonymous
April 10, 2008
Thanks David, that "Scripts and Executables" had me too!
Anonymous
April 11, 2008
Awesome, that saved my day. Thanks David. That was really good!!
Anonymous
May 19, 2008
The comment has been removed
Anonymous
May 21, 2008
The comment has been removed
Anonymous
May 22, 2008
Hey..the view u mentioned are quiet good..but i m using verion IIS5.1...The mentioned thing is not working there...Kindly revert back
Anonymous
June 04, 2008
The comment has been removed
Anonymous
June 04, 2008
Doo4fun - It sounds like you configured every possible combination, all conflicting, so nothing works as it should. First, get rid of the configuration changes you made, such as adding the .exe MIME Type, .EXE Web Service Extension, and .EXE Application mapping. Your configuration is causing the misbehavior. Then, decide on what you want to do based on this blog entry, which describes how to properly configure all the options. Any other configuration is incorrect. //David
Anonymous
June 05, 2008
The comment has been removed
Anonymous
June 07, 2008
The comment has been removed
Anonymous
July 28, 2008
The comment has been removed
Anonymous
August 01, 2008
The comment has been removed
Anonymous
August 02, 2008
Ben - this sounds like a problem with your .exe files because they are not generating proper HTTP response to be interpreted as web content by browsers. Please run the .exe yourself and report the exact output produced by the .exe files, including output of every single byte that is sent, because HTTP cares around the exact bytes, not characters, being transferred. //David
Anonymous
August 03, 2008
Hi David -- Thanks for the response. The initial "load" page is very simple. Here is the output (the first character "C" is line 1, char 1): Content-Type: text/html; charset=ISO-8859-1 <html> <head><title>Company Title</title> <style type='text/css'>  </style> <script language=Javascript1.2>  </script> </head> <body onLoad='bodyLoad();'> <center><img src='../images/keysystems_logo.gif'></center> <br><br> <center><h3>Login</h3></center> <center> <FORM method='POST' name='one' onSubmit="return onFormSubmit();"> <table> <tr><td class='small-form'>Username:</td><td><INPUT TYPE='text' name='uname' class='small-form'></td></tr> <tr><td class='small-form'>Password:</td><td><INPUT TYPE='password' name='pd' class='small-form'></td></tr> <tr><td colspan='2'><INPUT TYPE='submit' value='Submit'></td></tr> </table> </FORM> </center> <FORM method='POST' name='two' action='main.exe'> <INPUT TYPE='hidden' name='hiddenuname'> <INPUT TYPE='hidden' name='hiddenpd'> </FORM> </body> </html>
Anonymous
August 04, 2008
Ben - What you provided is not proper HTML. Content-Type is a HTTP response header which should not show up as part of any HTML Markup, so that is a bug in the CGI. In order for the EXE to function properly to generate dynamic content that can be interpreted by a browser, it needs to output a proper HTTP response with HTML Markup as entity body. The following is what a proper-looking HTTP response should look like. It needs to be generated by the CGI EXE. HTTP/1.1 200 OK[CRLF] Connection: Close[CRLF] Content-Length: <byte count of HTML Markup as Entity Body>[CRLF] Content-Type: text/html; charset=ISO-8859-1[CRLF] [CRLF] <html>... </html> Some of the most common problems with CGI are:

not sending CRLF (hex 0D 0A) to terminate HTTP header lines as specified by HTTP 1.1 specification
not sending Content-Length, which forces the client to use Connection closure as way to know when the request is done. Combined with HTTP/1.1 which defaults to Connection: Keep-Alive, it means that CGI's which rely on "default" values will just fail.
not sending a Content-Type response header Based on what you provided, it looks like the CGI has several of these problems. If this CGI worked before, it was more because of a miracle than by-design. //David

Anonymous
August 05, 2008
David -- Appreciate your response. I'm going to work with the vendor to see what can be done here. Clearly, IIS6 is more strict about enforcing these rules than II5 or Apache 2.x, as the application seems to be running fine in those environments. Thanks again, and I'll post some further results when I get them. Ben
Anonymous
August 05, 2008
Ben - both of those named servers allow very badly written applications to semi-function. It makes the server look stellar in terms of compatibility, but all it really does is propagate badly written and non-conformant applications. We all know the same mess on the Browsers, which had bugs that allowed badly written applications (or even browser-bug-specific applications) to propagate... until conformance to HTML standards kicked in with some Browsers to clean things up. It may hurt in the short run, but in the long run, having applications which conform to public HTTP and HTML specifications is a good, not bad, thing. //David
Anonymous
August 06, 2008
The comment has been removed
Anonymous
August 06, 2008
Just to (maybe) make the script output clearer: HTTP/1.1 200 OK[CRLF] Connection: Close[CRLF] Content-Length: 101[CRLF] Content-Type: text/html; charset=ISO-8859-1[CRLF][CRLF] <html> <head> <title>Test Page</test> </head> <body> <h2>Testing...</h2> </body> </html>
Anonymous
August 09, 2008
Ben - IIS itself does not modify response output. However, you may have custom ISAPI that do modify response - I do not know your server's configuration. I do not count 101 bytes following the double [CRLF] (maybe some of the [CRLF] are eaten up by HTML, which does not preserve such whitespace by definition), which constitutes what the browser expects to download and display. Malformed HTTP response often results in unexpected (and different) behavior between browsers. //David
Anonymous
September 11, 2008
The comment has been removed
Anonymous
October 30, 2008
Hi David, I have been running into a problem. I have .sitx file which macintosh compressed file like .zip file. On our local environment we have IIS 5.1. Whenever I download .sitx file from my local environment it does good. It shows me 'File download' window. But on Production environment I have IIS 6.0, it is showing me 'File Not Found' error. Please suggest a solution to this. Thanks, Avinash
Anonymous
October 31, 2008
Avinash - the solution is actually mentioned in this blog entry. You want action #1 to happen, and the blog entry tells you how to do that. //David
Anonymous
November 26, 2008
Hello, I am facing problem in downloading .exe file from asp.net website which is hosted on IIS7 and Windows Server 2008. The following error comes when i am trying to download .exe file : HTTP Error 404.2 - Not Found The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server. It is perfactly working in IIS6 and windows server 2003. Any help is appreciated. Thanks & Regards, Amit
Anonymous
November 27, 2008
Amit - please read this blog entry for the solution. If you configure IIS7 the same as IIS6, it will work perfectly as well. //David
Anonymous
November 30, 2008
Hello David, Thanks for your quick reply. I have tried to follow your steps but still i am not able to download .exe file from my webiste hosted on IIS7 and Windows Server 2008. For your reference, here i am listing some of my IIS settings. ISAPI and CGI Restrictions description = Active Server Pages Restrictions = Allowed Path=c:windowssystem32inetsrvasp.dll description = ASP .NET v2.0.50727 Restrictions = Allowed Path=C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_isapi.dll description = [No Description] Restrictions = Allowed Path=C:Perlbinperl.exe "%s" %s description = [No Description] Restrictions = Allowed Path=C:Perlbinperlis.dll description = [No Description] Restrictions = Allowed Path=C:PerlbinPerlEx30.dll Handler Mappings on Site Level name=CGI-exe path=.exe stat=Enabled path type=File handler=CgiModule Access ->Read name=ISAPI-dll path=*.dll stat=Enabled path type=File handler=IsapiModule Access ->Read If you get any idea from the above information then please suggest me what other settings should i do? Or if you want some more information about my iis settings then pls let me know. Any help is appreciated. Thanks & Regards, Amit
Anonymous
December 29, 2008
Hello David, I am able to download an .exe file from IIS 6.0, but the progress bar shows "Estimated time left : Not Known", while if I change the extension of the file (lets say .dmg), I get the right estimation. What might cause that? Thanks, Ofer
Anonymous
January 02, 2009
Ofer - something is configured on IIS to cause the .exe extension to be transferred via chunked encoding instead of content-length. Since chunked encoding means "keep downloading until the server tells the browser it is done", it is not possible for the browser to estimate number of bytes remaining and hence impossible to estimate time left. The default behavior on IIS for static files like .exe is content-length, which gives the same behavior as .dmg. Thus, something on the server is configured to transfer .exe as chunked encoding. An ISAPI Filter or Application Mapping for * or .exe can result in this behavior. Since this non-default behavior is due to user configuration, you will have to determine whether that configuration is necessary and if not, remove it. Then .exe will download with content-length as expected. //David
Anonymous
January 02, 2009
Amit - You need to remove the handler mappings you added at the site level for CGI-EXE and ISAPI-DLL. They are incorrect and cause your issue. FYI: This is what your handler mapping definition is actually saying. It tells IIS to launch any EXE as CGI on the server-side whenever the resource is accessed by a client for download. That is clearly not what you want - you want IIS to send the EXE as download whenever the resource is accessed by a client for download. Removing your misconfiguration and adding .EXE MimeType should allow the default IIS configuration to function as you expect. //David
Anonymous
January 03, 2009
Hello David, Thank you for your response. The chuncked encoding hint set me on the right path, and actually I found the solution on another post by you :)http://www.eggheadcafe.com/software/aspnet/31045970/compression-and-disablin.aspx The exe extension was set to be compressed. Thank you again, Ofer
Anonymous
January 08, 2009
The comment has been removed
Anonymous
January 13, 2009
Defining MIME types in IIS helped me a lot. The issue was that some of the files were downloading (common extensions like "zip", "doc"), other files with unknown extensions - were not. Thank you very much ! This article was a great help !
Anonymous
January 13, 2009
st.silvia - Glad you resolved your issue. Honestly, I am glad that IIS6 forces the issue of making you define MIME types in IIS or else it refuses to send them as download... because that is the way things should be. Why? Because web administrators were lazy at defining MIME types, web browsers had to get incredibly smart at sniffing content to determine content-type so that it knows how to handle downloaded content. This has good and bad implications. For example, sending a file to be downloaded, or opened/executed looks EXACTLY the same to the server but are obviously very different user experiences in the web browser. Without the server providing MIME types, the web browser has to guess one way or another -- and web page developers start writing code to fool how each browser sniffs content in order to force the behavior that they wanted -- which is clearly not standards compliant nor solid code. If web servers forced the administrator to declare MIME Types from the beginning, web browsers would not need to sniff content, web developers would not need to write browser-specific code to defeat sniffing to achieve their desired client-side behavior, and things would be a lot cleaner today. //David
Anonymous
January 23, 2009
Unfortunately this did not answer my question. For some strange reason, EXE files don't completely download anymore. They stop at 98%
Anonymous
January 29, 2009
Webwinkel freak - This blog entry deals with allowing the EXE to download. If it fails at 98%, your question is completely unrelated to this. If you have a reliable repro, I suggest using a network monitor to capture the entire network traffic of the download. Then, you can see whether the problem is due to:

The Server prematurely closing the connection before download is complete
Any mismatch between the number of bytes the server promised to send in the header vs actually sent
Any other network anomaly Once you can determine if the problem is on the network or on the server/client, then you can proceed further. For example, if you determine the issue is on the server, you will need to examine what handler sent the .EXE download. By default it is the IIS Static File Handler, which doesn't have such issues, so I suspect your system has other custom handlers performing the download -- which means you have to start looking for bugs in those custom handlers. //David

Anonymous
February 05, 2009
Thanks David, I found this article helpful in enabling download of dxb files. Worked like a charm!
Anonymous
February 11, 2009
Hi David, You are a great help. My customer has tried many things to allow exe to download to browser. The product is an application run from a web server. I'm not to up on the networking stuff but I have it running from our web server (third party)....no problems. What happens is you click on a link on a web page, a couple downloads happen (one of which is the exe) and then the application runs.....fetching content (resources) from the server as needed. The site is getting a 404 error (just 404)....Object not found....although the file is there. The site is using IIS5.0. Please help.
Anonymous
February 18, 2009
Dirk - I suggest you read the threads of this post to find clues to answer your question. It is why I allow unlimited anonymous comments -- to gather collective community knowledge and experience. I suspect you will find searching for "URLScan" useful. //David
Anonymous
March 16, 2009
Thanks David. This solved my problem and I learned something.
Anonymous
March 27, 2009
The comment has been removed
Anonymous
March 29, 2009
The comment has been removed
Anonymous
March 30, 2009
Thanks for your reply. Unfortunately, I don't see the CGI/ISAPI feature on the Features screen. This is why I am confused. Does this feature need to be invoked some how?
Anonymous
March 30, 2009
Thanks for you reply. I don't see the CGI/ISAPI feature anywhere on the feature screen. Does this need to be invoked some how?
Anonymous
March 31, 2009
I found exactly what I need from this article. It makes so much sense. My CGI script is working perfectly! I hope this helps others: http://www.wrensoft.com/zoom/support/faq_cgi_iis.html
Anonymous
April 01, 2009
teenzbutler - did you install the CGI Feature to be able to run that .exe? It is not installed on IIS7 by default. //David
Anonymous
May 10, 2009
Hi, How can I enable download of a "*.rar" file. When I try to access the file via browser, I get the following error: "You are not authorized to view this page You do not have permission to view this directory or page due to the access control list (ACL) that is configured for this resource on the Web server."
Anonymous
May 26, 2009
David, Thanks for the article. It worked for me.
Anonymous
June 03, 2009
Thank you very much!!! Really helpful information.
Anonymous
July 14, 2009
How can i download files with filename in japanese characters (収益認識.txt). i am getting a 404 error.working fine for english file names.
Anonymous
September 09, 2009
Hi David I had gone through the article and registered MIME types, still i am facing the issues. Issue: I am trying to download doc,docx,ppt and pptx from my .net website, hosted on Windows 2003 and IIS 6.0. It is saying "Unknown file type" for ppt and pptx, "wordpad document" for doc and "Compressed(zip folder)" for docx. Please let me know Am i missed out any configuration or Is there any other fix for this. Just for your information, I have registered the MIME types at IIS level not at default site or at my site. Thank you in advance for your help
Anonymous
January 18, 2010
The comment has been removed
Anonymous
February 10, 2010
Great post, simple but effective. Thanks
Anonymous
March 01, 2010
The comment has been removed
Anonymous
March 24, 2010
The comment has been removed
Anonymous
May 12, 2010
I also had this issue and adding the new MIME Type to IIS fixed it. Mine was actually for ".qwc" files and I was able to set their MIME type as the generic "application/octet-stream" in order to be able to download them.
Anonymous
January 20, 2012
The comment has been removed
Anonymous
March 03, 2014
The comment has been removed
Anonymous
March 03, 2014
The comment has been removed

Share via