Re: URLScan, multiple .ini files

From: Thomas Deml [MS] (thomad@online.microsoft.com)
Date: 09/30/02 

From: "Thomas Deml [MS]" <thomad@online.microsoft.com>
Date: Sun, 29 Sep 2002 16:52:34 -0700

That's correct. 

--
Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.
"sa" <sa_spam@vit.net> wrote in message news:#2GGMLyZCHA.776@tkmsftngp08...
> I am sorry about dragging this  ;-)
>
> SO, in order to have a second URLSCAN, i would just copy all the content
of
> the urlscan directory to a differnt one (after stopping all IIS services),
> and then from the local site I would add another ISAPI and point it to the
> new location of urlscan.dll ? and then reboot.
>
> Is that right?
>
> Thanks again,
>
> "sa" <sa_spam@vit.net> wrote in message
news:OxdPx1xZCHA.1688@tkmsftngp09...
> > Folloow up:
> >
> > I have URLSCAN version 1.0 installed.
> >
> > Do I need to upgrade?
> > I don't want to run the Lockdown. Is there an Upgrade for URLScan only?
> >
> > I much rather not touch anything that is working now ;-)
> >
> > SA
> >
> >
> > "sa" <sa_spam@vit.net> wrote in message
> news:uBxgOuxZCHA.776@tkmsftngp08...
> > > Thanks David,
> > >
> > > so would the following scenario work:
> > >
> > > Global ISAPI:
> > >      Less restrictive URLScan ini/dll (to allow .exe's to go through
for
> > > example)
> > >
> > > LOCAL ISAPI:
> > >    - for sites that don't need .exe/cgi:
> > >           Add the more restrictive URLScan ini/dll (stopping all .exe)
> > >    - for sites that need the .exe/cgi
> > >           do nothing else.
> > >
> > > Thanks in advance,
> > > SA
> > >
> > > "David Wang [MS]" <someone@online.microsoft.com> wrote in message
> > > news:OkkGn5sZCHA.2420@tkmsftngp09...
> > > > You need to take the ISAPI Filter out of Global WWW and install it
> > > > individually for each site.  A filter cannot be "overriden"; its
> effects
> > > are
> > > > additive (if global and site filters are installed, both are
executed
> > for
> > > a
> > > > request to the site.
> > > >
> > > > Basically, URLSCAN.DLL takes configuration from URLSCAN.INI located
> > > wherever
> > > > the DLL that is loaded exists.  So, you can have two configurations
in
> > two
> > > > separate locations, and point all websites to either one or the
other.
> > > >
> > > > This isn't "easy", but you're asking for a feature that doesn't
exist
> in
> > > IIS
> > > > before IIS6...
> > > >
> > > > --
> > > > //David
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > > //
> > > > "sa" <sa_spam@vit.net> wrote in message
> > > news:#JrJexkZCHA.2720@tkmsftngp10...
> > > > Thanks Thomas,
> > > >
> > > > Let me get this right ;-)
> > > >
> > > > So, I would take the ISAPI filter out of the Global "www",
> > > > then apply it indivitualy to each site ?
> > > >
> > > > OR
> > > >
> > > > would the different/new URLSCAN.dll (ISAPI filter), added to the
> > required
> > > > site,
> > > > would it then over-write the Global filter? (if it is the same name
> that
> > > > is)?
> > > >
> > > > Do I make sense? ;-)
> > > >
> > > >
> > > >
> > > > "Thomas Deml [MS]" <thomad@online.microsoft.com> wrote in message
> > > > news:eXzO5hkZCHA.2316@tkmsftngp12...
> > > > > You can, it's not supported though. You have to install
URLSCAN.DLL
> in
> > > > > different directories (a new directory per site) and map a
different
> > > > > URLSCAN.DLL/URLSCAN.INI pair to each site.
> > > > >
> > > > > Hope this helps.
> > > > >
> > > > > Thomas Deml
> > > > > Lead Program Manager
> > > > > Internet Information Services
> > > > > Microsoft Corp.
> > > > >
> > > > >
> > > > >
> > > > > "sa" <sa_spam@vit.net> wrote in message
> > > > news:egcPNQkZCHA.2304@tkmsftngp10...
> > > > > > Hi,
> > > > > > We are a small ISP running IIS4 with URLScan, with several
> websites
> > > > using
> > > > > > mostly virtual Ip's
> > > > > >
> > > > > > I need to run and .exe file on one of the websites, however,
don't
> > > want
> > > > to
> > > > > > cause additional security holes for the ones that don't require
> it.
> > > > > >
> > > > > > Is there a way to just allow this one site ".exe" ?
> > > > > >
> > > > > > Can I have multiple urlscan.ini files?
> > > > > >
> > > > > >
> > > > > > Thanks in advance,
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • URLScan... Hooray! [pause] Wheres the source code?
    ... I was positively surprised that Microsoft released URLScan. ... Can we trust MS to write an ISAPI filter that is safe, ... Has there been any source code reviews performed on this 'product' outside ...
    (Focus-Microsoft)
  • Re: URLScan, multiple .ini files
    ... the urlscan directory to a differnt one, ... >> Global ISAPI: ... URLSCAN.DLL takes configuration from URLSCAN.INI located ... and point all websites to either one or the other. ...
    (microsoft.public.inetserver.iis.security)
  • Re: URLScan, multiple .ini files
    ... You certainly do not need to reboot to run lockdown or install URLScan. ... don't even need to restart IIS to install a site filter. ... >> Global ISAPI: ...
    (microsoft.public.inetserver.iis.security)
  • Re: URLScan, multiple .ini files
    ... but still the trouble URL's are not rejected, and the log file in ... > the site in question (having the local ISAPI, ... >> You certainly do not need to reboot to run lockdown or install URLScan. ... Is there an Upgrade for URLScan ...
    (microsoft.public.inetserver.iis.security)
  • URLScan and IIS6
    ... not an upgrade from W2K and ... Is URLSCAN functionality built into IIS6 or should I ... install the latest URLSCAN (is there a Win 2003 specific ...
    (microsoft.public.inetserver.iis.security)