RE: ASP trouble with IIS 6.0 security

From: Bénoni MARTIN (Benoni.MARTIN_at_libertis.ga)
Date: 04/29/04

  • Next message: Benny Late: "RE: IPS vs Firewall"
    Date: Thu, 29 Apr 2004 09:01:42 +0100
    To: "Noah" <noahc@ruraltel.net>, <security-basics@securityfocus.com>
    
    

    Humm... I was using the "include file" instead of the other one, so I will try it, cheers!

    The trouble I had was just sometimes and random: browsing on my website, a page displayed without any problem will not be displayed coming back to it after browsing other pages! Sometimes an ASP page with some HTML code in it gets me an "HTTP 500 error", sometimes a raw ASP (reading some intputs and redirecting to another pages according to these inputs) script gets stuck without being processed...

    With Mozzila, I had really less trouble, maybe IIS 6 is bugged, I do not know...that's a trouble as for debugging I take out every security option...so I am afraid when I will be hardening the web server! :(

    -----Message d'origine-----
    De : Noah [mailto:noahc@ruraltel.net]
    Envoyé : mercredi 28 avril 2004 19:55
    À : Bénoni MARTIN
    Cc : security-basics@securityfocus.com
    Objet : Re: ASP trouble with IIS 6.0 security

    This may be completely off but have you looked at your includes or does it
    make reference to them in the server error you get? Alot of issues with
    design of include functions that worked in IIS5 but not in IIS6.
    Example

    <!--#include file="../../includes/home_sidebar_inc.asp" -->
    will work in IIS5

    for IIS 6 you must make it virtual
    <!--#include virtual="/includes/home_sidebar_inc.asp" -->

    Noah Welshans
    Nex-tech Internet Solutions
    www.nex-tech.com

    ----- Original Message -----
    From: "Bénoni MARTIN" <Benoni.MARTIN@libertis.ga>
    To: <security-basics@securityfocus.com>
    Sent: Wednesday, April 28, 2004 10:02 AM
    Subject: ASP trouble with IIS 6.0 security

    Hi community,

    I am running IIS 6.0 under a W2K3 box, and most of my web pages have been
    written in ASP with Dreamweaver 2004 (I don't think this is really
    important, but...). Some of my ASP pages run into trouble: sometimes they
    are displayed in the right way, but sometimes they create a "NTTP 500 -
    Internal error". Looking around the web, seems to me I am not the only one
    to face this trouble, but no solution has been found...

    Seems also that a new security feature in IIS 6.0 performs this, but which
    one??? I just cannot set up a Linux box with Apache as I have an SQL Server
    2000...

    What can I do? Get back to IIS 5.x does not seems to be a good idea...

    Any idea will be welcomed!

    Cheers!

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the
    skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Benny Late: "RE: IPS vs Firewall"

    Relevant Pages

    • RE: Cisco CSA
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Any reason not to use strcpy, strcat or scanf?
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: New Trojan?
      ... > Ethical Hacking at the InfoSec Institute. ... Attend a course taught by an expert instructor with years of ... pen testing experience in our state of the art hacking lab. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • RE: Wireless access
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... pen testing experience in our state of the art hacking lab. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: antivirus for linux
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)