Re: URLScan, multiple .ini files
From: David Wang [MS] (someone@online.microsoft.com)
Date: 10/01/02
- Next message: fustinoni: "Name mapping : 1 certificate, multiple user accounts"
- Previous message: Ken Schaefer: "Re: PORT SCAN"
- In reply to: sa: "Re: URLScan, multiple .ini files"
- Next in thread: sa: "Re: URLScan, multiple .ini files"
- Reply: sa: "Re: URLScan, multiple .ini files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Wang [MS]" <someone@online.microsoft.com> Date: Tue, 1 Oct 2002 02:53:43 -0700
You certainly do not need to reboot to run lockdown or install URLScan. You
don't even need to restart IIS to install a site filter.
-- //David This posting is provided "AS IS" with no warranties, and confers no rights. // "sa" <sa_spam@vit.net> wrote in message news:#2GGMLyZCHA.776@tkmsftngp08... I am sorry about dragging this ;-) SO, in order to have a second URLSCAN, i would just copy all the content of the urlscan directory to a differnt one (after stopping all IIS services), and then from the local site I would add another ISAPI and point it to the new location of urlscan.dll ? and then reboot. Is that right? Thanks again, "sa" <sa_spam@vit.net> wrote in message news:OxdPx1xZCHA.1688@tkmsftngp09... > Folloow up: > > I have URLSCAN version 1.0 installed. > > Do I need to upgrade? > I don't want to run the Lockdown. Is there an Upgrade for URLScan only? > > I much rather not touch anything that is working now ;-) > > SA > > > "sa" <sa_spam@vit.net> wrote in message news:uBxgOuxZCHA.776@tkmsftngp08... > > Thanks David, > > > > so would the following scenario work: > > > > Global ISAPI: > > Less restrictive URLScan ini/dll (to allow .exe's to go through for > > example) > > > > LOCAL ISAPI: > > - for sites that don't need .exe/cgi: > > Add the more restrictive URLScan ini/dll (stopping all .exe) > > - for sites that need the .exe/cgi > > do nothing else. > > > > Thanks in advance, > > SA > > > > "David Wang [MS]" <someone@online.microsoft.com> wrote in message > > news:OkkGn5sZCHA.2420@tkmsftngp09... > > > You need to take the ISAPI Filter out of Global WWW and install it > > > individually for each site. A filter cannot be "overriden"; its effects > > are > > > additive (if global and site filters are installed, both are executed > for > > a > > > request to the site. > > > > > > Basically, URLSCAN.DLL takes configuration from URLSCAN.INI located > > wherever > > > the DLL that is loaded exists. So, you can have two configurations in > two > > > separate locations, and point all websites to either one or the other. > > > > > > This isn't "easy", but you're asking for a feature that doesn't exist in > > IIS > > > before IIS6... > > > > > > -- > > > //David > > > This posting is provided "AS IS" with no warranties, and confers no > > rights. > > > // > > > "sa" <sa_spam@vit.net> wrote in message > > news:#JrJexkZCHA.2720@tkmsftngp10... > > > Thanks Thomas, > > > > > > Let me get this right ;-) > > > > > > So, I would take the ISAPI filter out of the Global "www", > > > then apply it indivitualy to each site ? > > > > > > OR > > > > > > would the different/new URLSCAN.dll (ISAPI filter), added to the > required > > > site, > > > would it then over-write the Global filter? (if it is the same name that > > > is)? > > > > > > Do I make sense? ;-) > > > > > > > > > > > > "Thomas Deml [MS]" <thomad@online.microsoft.com> wrote in message > > > news:eXzO5hkZCHA.2316@tkmsftngp12... > > > > You can, it's not supported though. You have to install URLSCAN.DLL in > > > > different directories (a new directory per site) and map a different > > > > URLSCAN.DLL/URLSCAN.INI pair to each site. > > > > > > > > Hope this helps. > > > > > > > > Thomas Deml > > > > Lead Program Manager > > > > Internet Information Services > > > > Microsoft Corp. > > > > > > > > > > > > > > > > "sa" <sa_spam@vit.net> wrote in message > > > news:egcPNQkZCHA.2304@tkmsftngp10... > > > > > Hi, > > > > > We are a small ISP running IIS4 with URLScan, with several websites > > > using > > > > > mostly virtual Ip's > > > > > > > > > > I need to run and .exe file on one of the websites, however, don't > > want > > > to > > > > > cause additional security holes for the ones that don't require it. > > > > > > > > > > Is there a way to just allow this one site ".exe" ? > > > > > > > > > > Can I have multiple urlscan.ini files? > > > > > > > > > > > > > > > Thanks in advance, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: fustinoni: "Name mapping : 1 certificate, multiple user accounts"
- Previous message: Ken Schaefer: "Re: PORT SCAN"
- In reply to: sa: "Re: URLScan, multiple .ini files"
- Next in thread: sa: "Re: URLScan, multiple .ini files"
- Reply: sa: "Re: URLScan, multiple .ini files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
