Re: IIS Lockdown / URLScan 2.5

From: David Wang [MS] (someone@online.microsoft.com)
Date: 07/06/02


From: "David Wang [MS]" <someone@online.microsoft.com>
Date: Fri, 5 Jul 2002 19:23:36 -0700


To change server name with URLScan running on IIS4 or later, you must:
1. Edit UrlScan.ini to include
   [Options]
   RemoveServerHeader=0
   AlternateServerName=NewName

2. Restart IIS

This works for HTM, ASP, ISAPI, CGI, etc.

The only time it will not work is if you run some application that uses
WriteClient to directly write out the response, headers and all. IIS is not
filtering all raw data sent to the client and thus will never see the Server:
header to replace.

I'm not aware of a bug in URLScan regarding this functionality, so it must be
something peculiar to your setup or editor. To proceed further, you will have
to say whether you have any other filters running on the machine, what HTTP
version request are you sending, what resource type are you retrieving, is your
editor leaving strange characters in UrlScan.ini, etc.

--
//David
"agpiah" <agpiah@yahoo.com> wrote in message
news:12d9b01c2233c$08e80af0$a5e62ecf@tkmsftngxa07...
Thank you David,
Unfortunately I have tried this. I have stopped and
restarted the website and the web publishing service, I
have rebooted the computer and also made sure that the
alternate name has the same number of characters as the
original header! I have placed the name in quotations and
without (what is the rule on this, should it be in
quotations or not?).
Some more background information: I have a clean install
patched up, created a web page using the virtual directory
within the default web site, loaded IIS Lockdown 2.1 with
asp enabled template and loaded urlscan 2.5.
I'm very confused?
>-----Original Message-----
>For performance reasons, URLScan only reads configuration from URLScan.ini when
>it loads, which only happens when you restart IIS.
>
>Thus, if you are modifying URLScan.ini, you only need to restart IIS after
>saving that file in order for URLScan to pick up the configuration change.  To
>change your Server: header, make sure RemoveServerHeader=0 and
>AlternateServerName is not empty.
>
>--
>//David
>
>"Agpiah" <agpiah@yahoo.com> wrote in message
>news:14eb901c2232e$495a7d10$9ae62ecf@tkmsftngxa02...
>Thanks,
>
>Unfortunately this doesn't work for me, it still strips the
>header completely and does not display it. I'm working on a
>fresh install, patched up to date with lockdown running.
>
>Any more suggestions please?
>
>>-----Original Message-----
>>I put mine in double quotes (it had spaces) and had to reboot.
>>AlternateServerName="testname"
>>
>>Ray
>>
>>"agpiah" <agpiah@yahoo.com> wrote in message
>>news:14f8501c222b1$4f5cc1f0$3aef2ecf@TKMSFTNGXA09...
>>> I have installed and run IIS lockdown and URL Scan 2.5. I
>>> would like to make use of the alternate header response (I
>>> understand that this is a trivial security measure and may
>>> not be put in place on a live server but would like to see
>>> it working for educational reasons).
>>>
>>> I have configured the urlscan.ini :-
>>>
>>> RemoveServerHeader=0
>>> AlternateServerName=testname
>>>
>>> However this results in the header response not being sent
>>> through (when checked against a telnet connection to port
>>> 80 (the same as putting removeserverheader=1).
>>>
>>> Any ideas
>>> Thanks
>>> Agpiah
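
An added example, not part of the thread or of URLScan itself: a Python check for the points raised above (both settings under [Options], RemoveServerHeader=0, a non-empty AlternateServerName, no stray bytes left by the editor), plus a helper that reads the Server: header from a captured response. The function names, finding texts and sample inputs are constructed for illustration; a quoted value is only reported, since the thread does not settle whether quotes are accepted.

```python
import re

WANTED = {"removeserverheader", "alternateservername"}

def check_urlscan_ini(raw: bytes) -> list:
    """Return findings about the Server: header settings in a UrlScan.ini image."""
    findings = []
    if raw.startswith(b"\xef\xbb\xbf"):          # UTF-8 BOM written by some editors
        findings.append("byte-order mark at start of file")
        raw = raw[3:]
    if any(b > 0x7E or (b < 0x20 and b not in b"\t\r\n") for b in raw):
        findings.append("non-ASCII or control bytes in file")
    section, seen = None, {}
    for line in raw.decode("latin-1").splitlines():
        line = line.split(";", 1)[0].strip()     # drop ';' comments
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and key in WANTED:
            if section != "options":
                findings.append(key + " is outside [Options]")
            seen[key] = value.strip()
    if seen.get("removeserverheader") != "0":
        findings.append("RemoveServerHeader=0 not found")
    name = seen.get("alternateservername", "")
    if not name.strip('"'):
        findings.append("AlternateServerName is empty or missing")
    elif name.startswith('"'):
        findings.append("AlternateServerName is quoted")
    return findings

def server_header(raw_response: bytes):
    """Return the Server: value from a captured raw HTTP response, or None."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:         # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None

# Constructed sample inputs (not captured from any server in the thread).
GOOD_INI = b"[Options]\r\nRemoveServerHeader=0\r\nAlternateServerName=NewName\r\n"
BAD_INI = b"\xef\xbb\xbfRemoveServerHeader=0\r\nAlternateServerName=\"testname\"\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nServer: NewName\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(check_urlscan_ini(GOOD_INI), check_urlscan_ini(BAD_INI), server_header(RESPONSE))
```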

