RE: URLScan

From: Smart Business Lists (ourlists@int04.smartbusiness.net)
Date: 09/14/01


From: "Smart Business Lists" <ourlists@int04.smartbusiness.net>
To: <focus-ms@securityfocus.com>
Subject: RE: URLScan
Date: Fri, 14 Sep 2001 10:00:45 -0500
Message-ID: <008201c13d2e$084c69a0$8ef31a41@JOHN2>

To make frontpage extensions work you have to do a bit more than the
directions indicate. I was surprised at the way Deny Verbs worked.

But besides
        uncomment the OPTIONS verb and set "AllowLateScanning=1"
        and making sure UrlScan is listed lower than fpexedll.dll

I had to
        AllowDotInPath=1
        add PROPFIND to Allow Verbs
        remove PROPFIND from Deny Verbs
        remove TRANSLATE from Deny Headers

Also, you have to change the ini file and then restart IIS before you
can change the position of UrlScan filter.

Terry

-----Original Message-----
From: René Fehlmann [mailto:fehlmann@bluemail.ch]
Sent: Friday, September 14, 2001 2:55 AM
To: focus-ms@securityfocus.com
Subject: URLScan

Hi There,

I get this error when I try to access a Webserver with Frontpage.
the .dll should not be rejected nor can I find anything for the '.'!

Any Help is appreciated!

Thanks

René



Relevant Pages

  • Re: It seems I got hacked
    ... In fact, when I do this on my own webserver, URLScan kicks ... >>success and 200 does not always mean successful hacking. ... a head request is the same thing ...
    (microsoft.public.inetserver.iis.security)
  • URLScan
    ... Subject: URLScan ... I get this error when I try to access a Webserver with Frontpage. ... the .dll should not be rejected nor can I find anything for the '.'! ...
    (Focus-Microsoft)
  • iis attacks
    ... exe's to ain access into my webserver, ... a infected IIS trying to gain access to my site? ... Only Server name and Internal IP are modified ... UrlScan>, ~/scripts/root.exe, ...
    (microsoft.public.inetserver.iis.security)