'accessPolicy' is mis-represented and mis-understood #1119
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…all out that preventing execution does not necessarily prevent initialization.
Updated ms.date
tdykstra
pushed a commit
that referenced
this pull request
Dec 20, 2025
* Update using-dynamic-ip-restrictions.md (#1097) * Update using-dynamic-ip-restrictions.md broken link * Update iis/manage/configuring-security/using-dynamic-ip-restrictions.md Fixed link. * Update using-dynamic-ip-restrictions.md Fixed meta data author value's format --------- Co-authored-by: Wade Pickett <[email protected]> * 'accessPolicy' is mis-represented and mis-understood (#1119) * 'accessPolicy' is a little mis-represented. And definitely needs to call out that preventing execution does not necessarily prevent initialization. * Update add.md Updated ms.date * Update index.md --------- Co-authored-by: Wade Pickett <[email protected]> * Add SFI ms.custom values (#1120) * Update docfx.json with ms.update-cycle setting (#1121) Adding ms.update-cycle setting in docfx.json to reflect tier level support. * Update getting-started-with-the-iis-manager-in-iis-7-and-iis-8.md (#1124) Grammar error * Update Reverse Proxy Rule Templates (#1125) * adding URL Rewrite samples for blocking tomcat path traversal * updating URL Rewrite rule template article * Adding sample rule for redirecting https * Adding sample rule for redirecting https * Apply suggestions from code review Minor style guide related adjustments --------- Co-authored-by: Wade Pickett <[email protected]> --------- Co-authored-by: EsraShrouf <[email protected]> Co-authored-by: Steve Molloy <[email protected]> Co-authored-by: Dickson Mwendia <[email protected]> Co-authored-by: Fenton Hutson <[email protected]> Co-authored-by: Konst Khurin <[email protected]>
tdykstra
pushed a commit
that referenced
this pull request
Jan 7, 2026
* Update using-dynamic-ip-restrictions.md (#1097) * Update using-dynamic-ip-restrictions.md broken link * Update iis/manage/configuring-security/using-dynamic-ip-restrictions.md Fixed link. * Update using-dynamic-ip-restrictions.md Fixed meta data author value's format --------- Co-authored-by: Wade Pickett <[email protected]> * 'accessPolicy' is mis-represented and mis-understood (#1119) * 'accessPolicy' is a little mis-represented. And definitely needs to call out that preventing execution does not necessarily prevent initialization. * Update add.md Updated ms.date * Update index.md --------- Co-authored-by: Wade Pickett <[email protected]> * Add SFI ms.custom values (#1120) * Update docfx.json with ms.update-cycle setting (#1121) Adding ms.update-cycle setting in docfx.json to reflect tier level support. * Update getting-started-with-the-iis-manager-in-iis-7-and-iis-8.md (#1124) Grammar error * Update Reverse Proxy Rule Templates (#1125) * adding URL Rewrite samples for blocking tomcat path traversal * updating URL Rewrite rule template article * Adding sample rule for redirecting https * Adding sample rule for redirecting https * Apply suggestions from code review Minor style guide related adjustments --------- Co-authored-by: Wade Pickett <[email protected]> * Fix typo in preloadEnabled attribute documentation (#1122) * Fix typo in preloadEnabled attribute documentation * Apply suggestion from @wadepickett --------- Co-authored-by: Wade Pickett <[email protected]> --------- Co-authored-by: EsraShrouf <[email protected]> Co-authored-by: Steve Molloy <[email protected]> Co-authored-by: Dickson Mwendia <[email protected]> Co-authored-by: Fenton Hutson <[email protected]> Co-authored-by: Konst Khurin <[email protected]> Co-authored-by: David Brink <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request updates documentation for IIS handler attributes, specifically clarifying the behavior of
requireAccessandaccessPolicyattributes. It introduces additional explanatory notes to improve understanding of their functionality and execution context.Updates to
requireAccessattribute:requireAccessto emphasize its role in determining the execution level of a handler and added a note explaining that handlers may still be initialized even if theirrequireAccessvalue does not match the currentaccessPolicylevel. (iis/configuration/system.webServer/handlers/add.md)Updates to
accessPolicyattribute:accessPolicyto clarify its purpose as a filtering mechanism rather than a strict security policy and added a note explaining its interaction with therequiredAccessattribute. (iis/configuration/system.webServer/handlers/index.md)Additional updates:
There are docs in the older "unmaintained" trove of IIS documentation that reference this feature. I know there are great warnings about how we don't maintain those docs, but every so often someone sees a handler get initialized when it doesn't meet the
requireAccesspolicy and gets confused and files an issue that comes back to a PG. I can't open a PR on those. Not sure if they should also be updated or if we really don't maintain them anymore.