Re: OWA and URLScan
From: Deus, Attonbitus (Thor@HammerofGod.com)Date: 04/19/02
- Previous message: Deus, Attonbitus: "Re: Ensuring Disabling/Uninstalation of Windows XP Firewall in LAN enviro."
- In reply to: Mike Brentlinger: "Re: OWA and URLScan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Apr 2002 11:28:54 -0700 To: "Mike Brentlinger" <mdbrentlinger@hotmail.com>, FOCUS-MS@SECURITYFOCUS.COM From: "Deus, Attonbitus" <Thor@HammerofGod.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 10:56 AM 4/19/2002, Mike Brentlinger wrote:
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q309508
>
>more specifically.
>
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q309508#4
Hi Mike-
thanks for the links... However, if you look at both of those, you will see
the default DenyURLSequence tags are the 'standard' defaults for URL Scan...
i.e., "..","./ ","\ ",":","%", and "&" are all set to be filtered.
The issue is that with the recommended OWA URLScan ini's, any email with
those characters in the subject line will be inaccessible by the OWA
client. So far, it looks like the only way to allow a user to read email
with these characters in the subject line would be to allow at least "..",
"&", and "%" through, which I *really* don't want to do- particularly on an
OWA server...
Ya know?
Thanks-
t
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPMBh5ohsmyD15h5gEQIT1gCffxqOZCFvuRD1ufeWwLAGDwlY8WcAn1V5
QRfP461xKTDJcYFuv8dkficX
=03rv
-----END PGP SIGNATURE-----
- Previous message: Deus, Attonbitus: "Re: Ensuring Disabling/Uninstalation of Windows XP Firewall in LAN enviro."
- In reply to: Mike Brentlinger: "Re: OWA and URLScan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
