Directory Listing Denied / No Log File

Topics: Developer Forum, User Forum
Sep 10, 2011 at 8:28 PM

I am using Windows 2003 / IIS 6. Got IIRF installed and /iirfstatus working correctly with no issues. I am using an iirf.ini taken right from the documentation (changed for my domain) to take a subdomain and convert it to a query variable (see below). 

When I try to access something like it SHOULD go to (test.php does exist and just outputs "here"). Instead it gives me:

Directory Listing Denied

This Virtual Directory does not allow contents to be listed.

Also, no log file is created. I have checked the Event Viewer and nothing failed to write that I could see. I gave IIS_WPG permissions to the iirf.dll as well as the iirf log folder - is there some other permissions that need to get set? Any idea how I can fix this?


Thanks in advance for any suggestions!



# IIRF.ini


# demonstrates transforming domain names to querystring params.

RewriteEngine ON

RewriteLog c:\inetpub\iirfLogs\iirf

RewriteLogLevel 5

StatusInquiry ON /iirfStatus RemoteOk

CondSubstringBackrefFlag *

# +++++++++++++++++++++++++++++++++
# Transform any domain name that is not www, into a query

# string param.  The reference character for captured

# groups in the RewriteCond, is * , according to the

# CondSubstringBackrefFlag directive.  (* is also the default).
RewriteCond %{HTTP_HOST} ^(?!www)([^.]+)\.travelingoms\.com [I]
RewriteRule ^/(.*)$      /test.php?host=*1 [U,L]

Sep 11, 2011 at 1:10 PM
Edited Sep 11, 2011 at 1:20 PM

You have /iirfstatus working - that means IIRF is properly configured as an ISAPI and is receiving requests. That's good.

That /iirfstatus is working does not imply that your iirf.ini has been read in successfully. It implies only that IIRF.dll is being loaded successfully.  For IIRF to work properly, two things must happen:  (1) IIS must load IIRF.dll as an ISAPI filter; then, (2) the IIRF.dll must find and read its configuration from the iirf.ini file.  If the load part succeeds, and the config part fails, /iirfstatus will still respond, though there is no active configuration for IIRF.  So, check the output of /iirfstatus.  It is not simply a yes/no is-it-working/is-it-not-working thing. Among other things, the iirf status report indicates:

- the full path of the IIRF.ini file that has been read in, if any.  Does this name match what you expect?  It is possible for this path to be empty, in the iirfstatus report. By default, if IIRF cannot find an iirf.ini file (because of some configuration confusion, for example), then /iirfstatus will "work" - it will emit a report.  But IIRF has no rules, so it will do nothing further. In particular,  IIRF will not create a log file, if it has not read an iirf.ini file.  Check to see that the iirfstatus report indicates the iirf.ini you expect.

- the full path of the IIRF log file, if any.  Does this match what you expect?  Is there a file present in that location? keep in mind that the argument to the RewriteLog directive (in your case, c:\inetpub\iirfLogs\iirf ) is the "stub" of the iirf logfile that gets created. It is not the name of the logfile, nor is it the name of the directory into which the logfile will be placed.  

If the path of the logfile is shown in /iirfstatus, and yet there is no logfile at that path, it indicates that IIRF failed to create the logfile. In that case, IIRF spools an event to the Windows Event Log . (It just occurs to me that IIRF could be changed to also provide notice of that failure in the /iirfstatus report, too.  I will make that change for future versions of IIRF).   I feel sure that, if there is a logfile path listed in /iirfstatus, then either there is an IIRF logfile at that path, or there is a Windows Event explaining why there is no logfile at that path. For example, If the problem was a permissions error, then you would have a Windows Event referring to E_NOACCESS => error 5, access denied while writing the logfile.

- a count of errors or warnings in processing the iirf.ini file, if any. In the latest version of IIRF, the /iirfstatus report also lists the exact errors and warnings and their positions in the ini file(s).


A closer examination of the /iirfstatus report will probably give you some additional useful information.


Sep 11, 2011 at 1:22 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Sep 11, 2011 at 1:26 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Sep 14, 2011 at 3:18 PM

I posted this into the Work Item but since it was marked "closed" I am wondering if it never alerted you to a reply. So just reposting in case you didn't see it.


Wow - thank you so much for your detailed answer! I have made a little progress, but still not working.

I opened up the server today to find lots of log files! Yet, when I tried to go to a subdomain ( it again said Directory Listing Denied and NO LOG FILE WAS CREATED! So now I am understanding a bit more. When someone makes a valid call to the site, a log file is correctly generated and everything works fine. When I make a call to a URL on that domain that doesn't exist (that I am hoping the dll will handle) then the dll is never called so the log file is never created. So this must be a permissions issue in IIS. Something is stopping the request before it makes it to the dll. 

Have you ever seen this before? Is there any advice? I understand the issue isn't with your dll now, but seeing as you have much more experience integrating it with IIS thought maybe you could point me in the right direction. What sort of permissions need to be set to allow a nonexistant call to still make it to your dll?

Thanks for any advice you might have!

Sep 14, 2011 at 7:10 PM

Thanks Jenn, for repeating the message.  I closed that workitem because I did find, based on code inspection, some problems that I needed to fix. So I fixed them and checked-in the changes. There was nothing more to do on those fixes, so I closed the workitem. If there's something else I'll open another one.  

back to your situation - It's my understanding that you can use wildcard host mapping - in other words, you can configure IIS to serve requests for for all "known" domain names, in each particular "website". Then for any unknown domain name, I think requests for those just get served by the default website. OR sometihng. Apparently IIS is actively responding to the request if you get "Directory Listing Denied".  If IIS is responding, then it means you could use IIRF to rewrite or change that response.

The first thing to do is to find out which website is serving requests to . Then, install IIRF on that website (or install an IIRF.ini if you have IIRF installed server wide).

Then, use conditions (Rewritecond) in IIRF to filter out requests for domans that don't exist.  For example, if each domain has a corresponding directory or file in the filesystem, and it uses the same name, then you can test for filesystem existence using the -d or -f tests.  What I mean is, has a root at c:\roots\test1 and has a root at c:\roots\test2, then it's easy to check whether a directory exists with -d.  If you get a request on, you can test for existence of c:\roots\Hippo and if it does not exist, then send them a nice 404 page. 

If you have a different way of mapping from domain name to directory path, if, for example if is rooted at c:\dir\root1 , and is rooted at g:\somewhereelse\Truly,  then you cannot directly use -f or -d.   In that case you could use a RewriteMap and a mapfile that provides the relation.  The map file would contain something like this:  c:\dir\root1  g:\somewhereelse\Truly

...and then you'd need to do a map lookup (check the docs) and use the -d test on the result of the lookup. There are examples in the documentation that cover this.

So I think what you want to do is quite possible, maybe you could say "straightforward",  with the directives that are available in IIRF.


Sep 15, 2011 at 3:14 PM

LOL! After reading this and trying everything and some googling, the answer was SO easy! I am so sorry to have bugged you! I didn't know to put in a blank host header entry for the domain in IIS. I just had host header entries for "" and "" so only subdomains "www" and "" were being directed here. Oops!

In case anyone else is having this problem, here is the answer I found:


  • Open IIS Management Console and select your web site.
  • Right click on it and select Properties.
  • Click on Web Site tab.
  • Click on Advanced button.
  • Make sure there is one entry under the Multiple identities for this Web Site with Host Header Namefield blank. This entry will intercept all requests that comes to this IP address.

Thanks so much for helping me out and giving me the right keywords to search on to figure this out. 


Sep 15, 2011 at 7:01 PM

Super - glad you sorted it out. Thanks for replying.