Re: URLScan for IIS

From: James M. Truxon (coyote@AVATARSYN.COM)
Date: 11/04/01

Date:         Sun, 4 Nov 2001 13:09:02 -0500
From: "James M. Truxon" <coyote@AVATARSYN.COM>
Subject:      Re: URLScan for IIS

>Then I tried to just access the default web page, /, on my server
>web page is without any trailing filename).
>was rejected. I looked in the log file, and this is what I saw:
>[Thu, Nov 01 2001 - 08:31:53] Client at URL contains
>extension '(null)', which is not specifically allowed. Request will be
>rejected. Raw URL='/'

>This was not right. How on earth can a file have a null extension? I
>a moment to laugh at the expense of some poor programmer, then set
>looking for a work-around. This package really has no documentation
>than the comments in the default INI file, and Microsoft's Knowledge
>has almost nothing in it pertaining to this package. So, I was reduced
>trial and error. After several attempts, the fix for my
>section now looks like this:


>; Extensions listed here are commonly used on a typical IIS server.
>; Note that these entries are effective if "UseAllowExtensions=1"
>; is set in the [Options] section above.


>The last line, ./, is what made the null file extension messages go
>and now allows my server to use the [AllowExtensions] properly.

this workaround for allowing default documents didn't actually work for
me, nor did a slew of other incarnations and combinations of [Options]
settings along with the "UseAllowExtensions=1" setting.

        have tried:
                empty "[DenyUrlSequences]" section
                all permutations of :
                        NormalizeUrlBeforeScan = [1|0]
                        VerifyNormalization = [1|0]
                        AllowHighBitCharacters = [1|0]
                        AllowDotInPath = [1|0]
                        AllowLateScanning = [1|0]
                tried various [AllowExtensions] entries
                application parent paths = [enabled | disabled]

and with each combination, the URL was still discarded by URLScan with
the "URL contains extension '(null)'" message. i'm a little befuddled.
are there multiple release versions of URLScan?

James Truxon
p: 419.243.7445
f: 419.243.7556
Avatar Syndicate.