Re: URLScan

From: dumbwabbit (dumbwabbit@yahoo.com)
Date: 03/19/02


Date: Tue, 19 Mar 2002 14:32:29 -0800 (PST)
From: dumbwabbit <dumbwabbit@yahoo.com>
To: Charles Otstot <charles.otstot@ncmail.net>

I know you can (and I do) move and ACL critical system
files (eg cmd.exe and other stuff from %systemroot%
locations), and allow *only* access to certain
directories containing executables, and there are
other ways of configuring it, I have done it... I just
still have reservations when it comes to allowing .exe
through IIS at all.

--- Charles Otstot <charles.otstot@ncmail.net> wrote:
> I have seen some messages in the Microsoft IIS and
> security news groups
> on opening up specific .exe's via URLScan.
>
> Although the solutions were rather convoluted, you
> may want to check
> some of the groups there and post a question or two.
> I haven't worked
> with URLScan to the depth of knowing this one off
> the top of my head,
> but if I recall correctly, it *can* be done.
>
> Charlie
>
> dumbwabbit wrote:
>
> > Hmm, I would NOT recommend opening up the .exe
> > extension.
> > Rather, you may want to consider redirecting them to
> > an FTP site, either your own, or the Citrix download
> > location (if there is one, sorry I don't know, never
> > used this client).
> > Baaaaaad security risk to allow .exe
> > just my
> > .000002
> >
> > --- "Bonner, Jon" <Jon.Bonner@k12.sd.us> wrote:
> > > Open the following file:
> > > %systemroot%\system32\inetsrv\urlscan\urlscan.ini.
> > > Scroll down in the file until you find the section
> > > containing the text "; Deny executables that could
> > > run on the server" and then place a semicolon in
> > > front of the EXE that appears below it. This
> > > comments out EXE so that
> > > URLScan will stop blocking files with that
> > > extension. Then restart IIS or
> > > reboot your server.
> > >
> > > Jon Bonner
> > >
> > >
> > > -----Original Message-----
> > > From: CHM Security [mailto:chmsecurity@hotmail.com]
> > > Sent: Friday, March 08, 2002 5:56 PM
> > > To: security-basics@securityfocus.com
> > > Subject: URLScan
> > >
> > >
> > >
> > >
> > > I am running Citrix nfuse on an IIS 5 server and
> > > attempted to install the
> > > urlscan.exe from M$. I have very limited knowledge
> > > on web servers and
> > > every time I install the urlscan it kills the ability
> > > of clients to download
> > > the citrix web client (ica32t.exe) file. Like I said
> > > I have very limited
> > > knowledge of web servers and I'm not sure how I can
> > > edit the urlscan ruleset
> > > to allow this to happen. I would really like to run
> > > the urlscan tool to
> > > receive all of the benefits it provides, but as of
> > > right now I can't because
> > > it kills necessary functionality. Any help would be
> > > greatly appreciated!
> >
>

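
A way to check the result of the urlscan.ini edit discussed in this thread, added here as an example and not code from any poster or from Microsoft: it parses a constructed sample file and lists the executable extensions that the configuration no longer rejects. The sample content, the function names and the list of extensions checked are assumptions made for illustration.

```python
# Added example: audit urlscan.ini text for executable extensions left unblocked.
EXECUTABLE_EXTS = (".exe", ".bat", ".cmd", ".com")  # assumed audit list

# Constructed sample: the edit described in the thread is applied (.exe commented out).
SAMPLE_INI = """\
[options]
UseAllowExtensions=0      ; 0 = reject what [DenyExtensions] lists

[DenyExtensions]
; Deny executables that could run on the server
;.exe
.bat
.cmd
.com
"""

def parse_urlscan(text):
    """Return {section: [entries]}, lower-cased, with ';' comments stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # a ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.lower())
    return sections

def is_blocked(sections, ext):
    """Apply the extension rule selected by UseAllowExtensions."""
    pairs = (e.split("=", 1) for e in sections.get("options", []) if "=" in e)
    options = {k.strip(): v.strip() for k, v in pairs}
    ext = ext.lower()
    if options.get("useallowextensions", "0") == "1":
        # Allow-list mode: anything not listed in [AllowExtensions] is rejected.
        return ext not in sections.get("allowextensions", [])
    # Deny-list mode: only what [DenyExtensions] lists is rejected.
    return ext in sections.get("denyextensions", [])

def unblocked_executables(text):
    """List the executable extensions this configuration would let through."""
    sections = parse_urlscan(text)
    return [e for e in EXECUTABLE_EXTS if not is_blocked(sections, e)]

if __name__ == "__main__":
    print("not blocked:", unblocked_executables(SAMPLE_INI))
```

Run against a copy of the server's own urlscan.ini after any change, an empty list means every extension in the audit list is still rejected.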


