Re: Log Question

From: Miroslaw Slawek Chorazy (mchorazy_at_depaul.edu)
Date: 02/27/04

Next message: Brian Glover: "RE: SYN_SENT to port 8081"

Previous message: dwr3ck_at_hushmail.com: "FPSE Admin Listner on IIS 6.0"
Maybe in reply to: Sean Warnock: "Log Question"
Next in thread: esardanons_at_presencia.net: "Re: Log Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 27 Feb 2004 12:47:07 -0600
To: <focus-ms@securityfocus.com>, <swarnock@warnocksolutions.com>

Sean,

What about installing MS URLScan and configuring it to filter out the .IDA ISAPI?

I would not want IIS Log to be hit directly without going through some application/permission filter like URLScan.

with regards,

Miroslaw Chorazy

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Brian Glover: "RE: SYN_SENT to port 8081"

Previous message: dwr3ck_at_hushmail.com: "FPSE Admin Listner on IIS 6.0"
Maybe in reply to: Sean Warnock: "Log Question"
Next in thread: esardanons_at_presencia.net: "Re: Log Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Some emails not reaching new user; other user cannot open one email
... and I noticed that User2 was logged in as User1. ... of urlscan, I'll look into it. ... > view, filter, rule, or similar issue. ... > been corrupted somehow in the Exchange upgrade. ...
(microsoft.public.exchange2000.admin)
Re: Some emails not reaching new user; other user cannot open one email
... and I noticed that User2 was logged in as User1. ... of urlscan, I'll look into it. ... > view, filter, rule, or similar issue. ... > been corrupted somehow in the Exchange upgrade. ...
(microsoft.public.backoffice.smallbiz2000)
Re: urlscan question
... it wills log all initializing header of all app ppols ... > I suspect that you are seeing those URLScan logs because of the following: ... You can only filter it out at analysis time. ... >>> log the start and end of the filter each time the web service app pool ...
(microsoft.public.inetserver.iis.security)
Re: urlscan question
... i was just wondering if urlscan should be showing init's and terminations ... You can only filter it out at analysis time. ... > server has a public IP, everyone knows about it -- even if you've only ... i had enabled per process log files and dailly log files, ...
(microsoft.public.inetserver.iis.security)
Re: urlscan question
... Application Pool, period. ... I suspect that you are seeing those URLScan logs because of the following: ... You can only filter it out at analysis time. ... >> had enabled per process log files and dailly log files, ...
(microsoft.public.inetserver.iis.security)