RE: URLScan

From: Mauri Gómez (mgc@gtd.es)
Date: 03/11/02 

From: Mauri Gómez <mgc@gtd.es>
To: "'CHM Security'" <chmsecurity@hotmail.com>, <security-basics@securityfocus.com>
Date: Mon, 11 Mar 2002 14:09:10 +0100

You should allow the get command for .exe extensions in the .ini file
located at C:\WINNT\system32\inetsrv\urlscan. The only thing you must do is
to erase the line in
[DenyExtensions] which references to execute .exe files on the server, but
be careful because this is a security hole, because many exploits use the
cmd.exe tool that is located in the winnt\system32 dir....
I recommend you that you change the path of cmd.exe, and place it in a
directory with ONLY administrative rights.
Regards.

Mauri

-----Mensaje original-----
De: CHM Security [mailto:chmsecurity@hotmail.com]
Enviado el: sábado, 09 de marzo de 2002 0:56
Para: security-basics@securityfocus.com
Asunto: URLScan

I am running Citrix nfuse on a IIS 5 server and attempted to install the
urlscan.exe from M$. I have very limited knowledge on web servers and
everytime I install the urlscan it kills the ability of clients to download
the citrix web client (ica32t.exe) file. Like I said I have very limited
knowledge of web servers and I'm not sure how I can edit the urlscan ruleset
to allow this to happen. I would really like to run the urlscan tool to
receive all of the benefits it provides, but as of right now I can't because
it kills necessary functionality. Any help would be greatly appreciated!

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com

Relevant Pages

  • RE: URLScan
    ... URLScan will stop blocking files with that extension. ... reboot your server. ... the citrix web client file. ... knowledge of web servers and I'm not sure how I can edit the urlscan ruleset ...
    (Security-Basics)
  • Re: IIS LockDown and URLScan issues
    ... The AllowDotInPath setting is a pure artifact of the UrlScan ... A value of 1 allows all requests to proceed, ... >> Directory transversal affects all web servers, ...
    (microsoft.public.inetserver.iis)
  • Re: URLScan (and Demarc PureSecure)
    ... I added focus-ids to the recipient list - if you reply to this, and it's not related to Intrusion Detection, please remove that recipient. ... still have reservations when it comes to allowing .exe ... > on opeing up specific .exe's via URLScan. ... >>> knowledge of web servers and I'm not sure how I ...
    (Security-Basics)
  • RE: URLScan
    ... that he is experiencing the download bug within urlscan that makes certain ... not related to blocked extensions. ... | knowledge of web servers and I'm not sure how I can edit the urlscan ...
    (Security-Basics)
  • Re: URLScan
    ... The URLScan tool gets its configuration from the urlscan.ini file. ... knowledge of web servers and I'm not sure how I can edit the urlscan ...
    (Security-Basics)