RE: URLScan

From: Bonner, Jon (Jon.Bonner@k12.sd.us)
Date: 03/11/02


From: "Bonner, Jon" <Jon.Bonner@k12.sd.us>
To: security-basics@securityfocus.com
Date: Mon, 11 Mar 2002 09:14:05 -0600

Open the following file: %systemroot%\system32\inetsrv\urlscan\urlscan.ini.
Scroll down in the file until you find the section containing the text ";
Deny executables that could run on the server" and then place a semicolon in
front of the EXE that appears below it. This comments out EXE so that
URLScan will stop blocking files with that extension. Then restart IIS or
reboot your server.

Jon Bonner

-----Original Message-----
From: CHM Security [mailto:chmsecurity@hotmail.com]
Sent: Friday, March 08, 2002 5:56 PM
To: security-basics@securityfocus.com
Subject: URLScan

I am running Citrix nfuse on a IIS 5 server and attempted to install the
urlscan.exe from M$. I have very limited knowledge on web servers and
everytime I install the urlscan it kills the ability of clients to download
the citrix web client (ica32t.exe) file. Like I said I have very limited
knowledge of web servers and I'm not sure how I can edit the urlscan ruleset

to allow this to happen. I would really like to run the urlscan tool to
receive all of the benefits it provides, but as of right now I can't because

it kills necessary functionality. Any help would be greatly appreciated!



Relevant Pages

  • Re: rpc over http with URLScan 2.5
    ... Thanks Charles, the information provided works to resolve the issue (so far, ... To be clear of the steps that I took from original install of URLScan 2.5, ... > of requests reaching the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: URLscan problem
    ... I did indeed restart the IIS server after ... I took a look at the URLscan log files and found my ... >URLscan seems to be causing a problem with public folder ...
    (microsoft.public.inetserver.iis.security)
  • Re: security advice (possible hacker activity?)
    ... I test URLScan before installing. ... server for virus, nothing found... ... Account Used for Logon by: ... I'd recommend installing it from the Lockdown ...
    (microsoft.public.inetserver.iis.security)
  • RE: W3SVC, SMTP, IISAdmin services stopping..hacking?
    ... That SEARCH request is indicative of an attempt to exploit the ... of URLScan blocks SEARCH requests such as this one. ... Internet Services Manager -> right click on your server name -> Properties ... does contain a number of other very important security fixes for IIS. ...
    (microsoft.public.inetserver.iis.security)
  • urlscan + OWA spell checker
    ... After enabling urlscan on my Exchange 2003 server, my OWA users can no longer ... Maps to webhits.dll, part of Index Server. ...
    (microsoft.public.exchange.admin)