Re: Can't download exe's from my own site
From: Jack Brewster (jbrewsterPLEASENO@SPAMnthurston.k12.wa.us)
Date: 06/05/02
- Next message: Microsoft.com: "Re: Code Red II"
- Previous message: David Cur.: "anti-DoS registry enteries?"
- In reply to: EagleTender: "Re: Can't download exe's from my own site"
- Next in thread: Jeff Cochran: "Re: Can't download exe's from my own site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jack Brewster" <jbrewsterPLEASENO@SPAMnthurston.k12.wa.us> Date: Tue, 4 Jun 2002 17:23:08 -0700
This doesn't stop visitors from _running_ the .exe files _on their
comptuers_.
What Urlscan does is disallow certain file types from being requested (among
other features). When the .exe was blocked (prior to your editing the
urlscan.ini file) any web visitor that requested a file with that extensions
would receive a 404 from Urlscan, not actually the webserver (It's kind of a
slight-of-hand thing).
Users _cannot_ run .exe files (at least they shouldn't be able to, who knows
what the next security hole will offer? :) _on_ your web server. However
when they click on a .exe link, the file is actually downloaded to their
computer where they _can_ run .exe files. In most (basically all) cases,
the web browser will always ask "What do you want me to do with this? Run
it? Save it?"
So, to summarize, if you are worried about users being able to run these
.exe files _on_ your server, don't worry about it.
Jack
"EagleTender" <EagleTender2001@yahoo.com> wrote in message
news:OHyPhJBDCHA.1732@tkmsftngp02...
> That did it! Thanks. Second question: I removed the .exe from the
> urlscan.ini file in the DenyExtensions section, however does this now
allow
> users to run executables also? I dont' want them to execute them, I want
> them to only download them. Is there a way to turn one feature off
without
> the other? Even though I have Execute Permissions to None, it still lets
> users run an executable unless I put the exe back in the DenyExtensions.
>
> <jcochran at naplesgov dot com (Jeff Cochran)> wrote in message
> news:3cfd1eb4.2096995@news.supernews.com...
> > >My company has an internet site that is used primarily for users of our
> > >program to download information, documents, etc. Most of these
downloads
> > >are in a self-extracting zip file, and recently we discovered that we
> cannot
> > >download these files. We receive the Page Not Found error. I know the
> > >files are there, and if I rename them and change the link accordingly,
it
> > >works fine. The only thing I can think of that we changed recently is
> > >applying the ms02-018 patch, I do not see anything in that patch that
> would
> > >have changed this ability. Does anyone else have this problem, or does
> > >anyone have an idea of why this would be, and what I can do to fix it?
> We
> > >are not trying to execute these files, simply download them (although I
> did
> > >change the Execute Permissions to include executables to see if that
> would
> > >make a difference).
> > >
> > >Our firewall is maintained by someone else, could it be something in
the
> > >firewall?
> >
> > By default, transfer of EXE files is denied using URLScan and by using
> > the lockdown tool to install it. Check the documentation on how to
> > reverse the process and you should be fine.
> >
> > Jeff
>
>
- Next message: Microsoft.com: "Re: Code Red II"
- Previous message: David Cur.: "anti-DoS registry enteries?"
- In reply to: EagleTender: "Re: Can't download exe's from my own site"
- Next in thread: Jeff Cochran: "Re: Can't download exe's from my own site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
