RE: URLScan

From: Marc Maiffret (marc@eeye.com)
Date: 03/12/02


From: "Marc Maiffret" <marc@eeye.com>
To: <michael.a.cardosa@accenture.com>, "CHM Security" <chmsecurity@hotmail.com>
Date: Mon, 11 Mar 2002 17:39:38 -0800

It's possible the extension is blocked... however, I would be willing to guess
that he is experiencing the download bug within urlscan that makes certain
types of downloads fail to work because of specific urlscan configurations
not related to blocked extensions.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: michael.a.cardosa@accenture.com
| [mailto:michael.a.cardosa@accenture.com]
| Sent: Monday, March 11, 2002 7:22 AM
| To: CHM Security
| Cc: security-basics@securityfocus.com
| Subject: Re: URLScan
|
|
|
| The URLScan tool gets its configuration from the urlscan.ini file. I think
| the default install folder is C:\Winnt\System32\inetsrv\urlscan, but I am
| not positive about that one. The urlscan.txt explains how to configure
| everything. Basically, you have the option to explicitly state which
| extensions to allow or state which to deny. In your case, if you know the
| extensions of all the files that you wish to be accessible, you could
| modify the following in the urlscan.ini:
|
|
| [options]
| UseAllowExtensions=0 ; if 1, use [AllowExtensions] section, else use [DenyExtensions] section
|
| [AllowExtensions]
|
| ;
| ; Extensions listed here are commonly used on a typical IIS server.
| ;
| ; Note that these entries are effective if "UseAllowExtensions=1"
| ; is set in the [Options] section above.
| ;
|
| .asp
| .htm
| .html
| .txt
| .jpg
| .jpeg
| .gif
| .exe <====== This would be your addition to allow clients to download ica32t.exe
|
| Of course, you would have to configure the rest of the section to allow all
| the relevant files on the webserver. Another good file to monitor is the
| urlscan.log. It contains the settings that urlscan was started with as
| well as details about any request that it denied.
|
| Hope that helps.
|
| mike
|
| "CHM Security" <chmsecurity@hotmail.com>
| To: security-basics@securityfocus.com
| cc:
| Subject: URLScan
| 03/08/02 06:55 PM
|
| I am running Citrix nfuse on an IIS 5 server and attempted to install the
| urlscan.exe from M$. I have very limited knowledge on web servers and
| every time I install the urlscan it kills the ability of clients to download
| the citrix web client (ica32t.exe) file. Like I said I have very limited
| knowledge of web servers and I'm not sure how I can edit the urlscan ruleset
| to allow this to happen. I would really like to run the urlscan tool to
| receive all of the benefits it provides, but as of right now I can't because
| it kills necessary functionality. Any help would be greatly appreciated!
|
|
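
Added example, not code from the thread or from URLScan: a Python check of whether a request's extension passes the [AllowExtensions]/[DenyExtensions] rules discussed above. The sample urlscan.ini contents, the [DenyExtensions] entries, the request paths and the function names are constructed; case-insensitive matching and treating a missing UseAllowExtensions as 0 are assumptions.

```python
from urllib.parse import urlsplit
import posixpath

# Constructed sample, modelled on the urlscan.ini fragment quoted in the thread.
SAMPLE_INI = """\
[options]
UseAllowExtensions=1 ; if 1, use [AllowExtensions] section, else use [DenyExtensions] section

[AllowExtensions]
; Extensions listed here are commonly used on a typical IIS server.
.asp
.htm
.html
.txt
.jpg
.gif

[DenyExtensions]
.exe
.bat
"""

def parse_ini(text):
    """Return {section_name_lowercase: [entries]} with ';' comments stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def extension_allowed(ini_text, url):
    """Return (allowed, reason) for the extension of the requested URL path."""
    sections = parse_ini(ini_text)
    pairs = (l.split("=", 1) for l in sections.get("options", []) if "=" in l)
    options = {k.strip().lower(): v.strip() for k, v in pairs}
    # Query string is ignored; only the path's final extension is checked.
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    label = ext or "(none)"
    # Assumption: a missing UseAllowExtensions is treated as 0 (deny-list mode).
    if options.get("useallowextensions", "0") == "1":
        allowed = {e.lower() for e in sections.get("allowextensions", [])}
        return ext in allowed, f"{label} checked against [AllowExtensions]"
    denied = {e.lower() for e in sections.get("denyextensions", [])}
    return ext not in denied, f"{label} checked against [DenyExtensions]"
```

If the extension passes this check and the download still fails, the cause lies outside the extension lists, which is the case Marc's reply describes; urlscan.log records the details of each denied request.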


