Add an ISAPI or CGI Restriction (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

ISAPI and CGI restrictions allow you to enable and disable the serving of dynamic content, which is present on the server as either a CGI file (.exe) or an ISAPI extension (.dll).


For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see ISAPI and CGI Restrictions Feature Requirements (IIS 7).

Exceptions to Feature Requirements

  • None

To add an ISAPI or CGI restriction

You can perform this procedure by using the user interface (UI), by running Appcmd.exe commands in a command-line window, by editing configuration files directly, or by writing WMI scripts.

User Interface

To use the UI

  1. Open IIS Manager and navigate to the level you want to configure. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

  2. In Features View, double-click ISAPI and CGI Restrictions.

  3. In the Actions pane, click Add.

  4. In the Add ISAPI or CGI Restriction dialog box, type the path of the .dll or .exe file in the ISAPI or CGI path text box, or click the browse button () to navigate to the location of the file.

  5. In the Description text box, type a brief description of the restriction.

  6. Check Allow extension path of execute to allow the restriction to run automatically. If you do not check this option, the restriction status is Not Allowed, which is the default. You can allow the restriction later by selecting it and clicking Allow in the Actions pane.

  7. Click OK.

Command Line

To add an ISAPI or CGI restriction, use the following syntax:

appcmd set config /section:isapiCgiRestriction /+"[path='string',description='string',allowed='True | False']"

The variable path string is the path of the CGI or ISAPI program. The variable description string describes the CGI or ISAPI program. The allowed attribute determines whether IIS can run the CGI or ISAPI program. For example, to create an ISAPI restriction that enables an ISAPI extension named Test ISAPI, type the following at the command prompt, and then press ENTER:

appcmd set config /section:isapiCgiRestriction /+"[path='%windir%\system32\inetsrv\test.dll',description='Test ISAPI',allowed='True']"

For more information about Appcmd.exe, see Appcmd.exe (IIS 7).


The procedure in this topic affects the following configuration elements:

<add> under <isapiCgiRestriction>

For more information about IIS 7 configuration, see IIS 7.0: IIS Settings Schema on MSDN.


Use the following WMI classes, methods, or properties to perform this procedure:

  • IsapiCgiRestrictionSection.Add

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.

See Also


Configuring ISAPI and CGI Restrictions in IIS 7