URLSCAN
From: Dimitri Limanovski (dimitri@salliemaesolutions.com)Date: 09/20/01
- Previous message: Jim Harrison (SPG): "RE: Nimda.A and ISA server"
- Next in thread: McCammon, Keith: "RE: URLSCAN"
- Reply: McCammon, Keith: "RE: URLSCAN"
- Reply: Colin Stefani: "RE: URLSCAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <8E59B8D3ACFA454D95FCAF90CBADDE46443387@xchange.cambridge.salliemaesolutions.com> From: Dimitri Limanovski <dimitri@salliemaesolutions.com> To: 'Focus-MS' <focus-ms@securityfocus.com> Subject: URLSCAN Date: Wed, 19 Sep 2001 19:00:58 -0400
Where does one find more info on URLSCAN tool available from Microsoft?
I looked through README.TXT and URLSCAN.INI but couldn't figure out how to
block certain HTTP methods, disable possibly harmful extensions and disallow
requesting executables..
I wish there was a good readme enclosed with the product since I've heard it
was pretty effective against CodeRed-types of vulnerabilities.
Any info is GREATLY appreciated.
Dimitri
P.S. Just a though: moving CMD.EXE, FTP.EXE, TFTP.EXE along with dozen or so
other "popular" executables from %SYSTEMROOT% to other directory and ACL
them correctly on IIS will save you ass one day.
- Previous message: Jim Harrison (SPG): "RE: Nimda.A and ISA server"
- Next in thread: McCammon, Keith: "RE: URLSCAN"
- Reply: McCammon, Keith: "RE: URLSCAN"
- Reply: Colin Stefani: "RE: URLSCAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
