IIS 6.0 introduces a number of security features. For static content (such as HTML pages or text files that IIS serves directly to the client) a MIME type must be defined. See KB for more information.

Recently Mitch Tulloch warned against configuring a wild card MIME mapping. As a general rule the advice is good - do not configure a wildcard MIME mapping unless you absolutely need to (for example if you are serving files with no extension, or randonly generated extensions).

However the example he gives is not a good one. Web.config files are mapped to the HTTP Forbidden Handler by default, and requests for those files are rejected (by default) by the .NET runtime. So, if you need to configure a wild card MIME mapping, don't be worried that hackers will be able to discover your DB connection strings just because you add the MIME mapping!