RE: IIS5.0 Directory Browsing
From: CHRIS GRABENSTEIN (LFGRABC@lf.vccs.edu)
Date: 11/29/01
- Previous message: Craig Humphrey: "RE: IIS5.0 Directory Browsing"
- Maybe in reply to: Enrico Tausz: "IIS5.0 Directory Browsing"
- Next in thread: McCammon, Keith: "RE: IIS5.0 Directory Browsing"
Message-Id: <sc0635ad.070@lf.vccs.edu>
Date: Thu, 29 Nov 2001 13:16:17 -0500
From: "CHRIS GRABENSTEIN" <LFGRABC@lf.vccs.edu>
To: <focus-ms@securityfocus.com>
Subject: RE: IIS5.0 Directory Browsing
Wouldn't entering http://yourserver.com/blabla.htm return the 404 error
page on most setups? Is there a way for a client to instruct the server
to ignore the default page?
-----Original Message-----
From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
Sent: Thursday, November 29, 2001 10:46 AM
To: "Enrico Tausz" <etausz@ig.com.br>, <focus-ms@securityfocus.com>
Subject: RE: IIS5.0 Directory Browsing
Use a different search tool. You do not need to enable directory
browsing to search a web site. DB is not necessarily a huge security
hole, assuming that your server is thoroughly secured. However, it
should be considered an "unnecessary risk."
And putting a default document in each directory is useless. I can just
type in http://yourserver.com/blabla.htm and get a full listing
(assuming that you don't have a page called blabla.htm). If you do have
that page, I'll just try something else until I get the goods.
Cheers
Keith