IIS HTTP Error 404 for .cs and .config files

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Bitbucket is unable to view .cs and .config files in commits or in pull requests and the following message appears when try to visualise a .cs or .config file in a commit:

Server Error

HTTP Error 404 - File or directory not found.

Description: The resource you are looking for might have been removed, 
had its name changed, or is temporarily unavailable.

Server Version Information: Internet Information Services 7.0.

Diagnosis

Environment

Windows Server.
Internet Information Services (IIS) configured as reverse proxy.

Cause

When you install the .NET Framework and register ASP.NET for IIS it will by default tell IIS to not serve these files.

This is generally considered a safe choice being .cs and .config files sensitive in case you are deploying .NET applications.

Solution

Resolution

Change the web.config for the website removing restrictions for file extensions served:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://internal_bitbucket_hostname:7990/{R:1}" />
                </rule>
            </rules>
            <outboundRules>
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="false" stopProcessing="true">
                    <match filterByTags="A, Area, Form, Img, Link, Script" pattern="^http(s)?://(.*@)?hostname:7990/(.*)" />
                    <action type="Rewrite" value="http{R:1}://{R:2}external_bitbucket_hostname.com/{R:3}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                    </preCondition>
                </preConditions>
            </outboundRules>
        </rewrite>
      <security>
         <requestFiltering>
            <fileExtensions applyToWebDAV="false">
				<!-- The following statement removes all the request filtering -->
               <clear />
            </fileExtensions>
         </requestFiltering>
      </security>
    </system.webServer>
</configuration>

Note that now all the extensions will now be served by IIS if you want to tailor the change just to allow .cs and .config you can use the following section:

<system.webServer>
	...
    <security>
        <requestFiltering>
            <fileExtensions>
                <remove fileExtension=".cs" />
				<remove fileExtension=".config" />
                <add fileExtension=".cs" allowed="true" />
                <add fileExtension=".config" allowed="true" />
            </fileExtensions>
        </requestFiltering>
    </security>
</system.webServer>

Updated on April 8, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support