Re: URLScan, multiple .ini files
From: David Wang [MS] (someone@online.microsoft.com)
Date: 10/09/02
- Next message: sdm: "Re: content advisor"
- Previous message: Simon: "Re: IIS recognize only Local Users and not Local Grps"
- In reply to: sa: "Re: URLScan, multiple .ini files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Wang [MS]" <someone@online.microsoft.com> Date: Wed, 9 Oct 2002 01:32:35 -0700
Are you running URLScan 2.5 (latest)? If not, you should run URLScan 2.5.
LoggingDirectory is an new feature in that version.
-- //David This posting is provided "AS IS" with no warranties, and confers no rights. // "sa" <sa_spam@vit.net> wrote in message news:Ol25NS9aCHA.1712@tkmsftngp11... Still no go... in the second ("local" urlscan.ini) I used : LoggingDirectory=c:\winnt\system32\inetsrv\urlscan\urlscanlocal but still the trouble URL's are not rejected, and the log file in "urlscanlocal\urlscan.log" is not registering anything. SA "David Wang [MS]" <someone@online.microsoft.com> wrote in message news:u$hiSR0aCHA.4200@tkmsftngp08... > Alter the LoggingDirectory parameter in URLScan.ini to something other > than "". You can select relative or absolute path here. > > -- > //David > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "sa" <sa_spam@vit.net> wrote in message news:ONHUPRYaCHA.3752@tkmsftngp08... > David, > > so, I did setup urlscan.dll at the global level... > > then tried to setup a local URLSCAN, copied all files to a new directory, > edited the ini file, and in the local ISAPI pointed to the new urlscan.dll. > > BUT... > the site in question (having the local ISAPI, with green arrow) does NOT log > anything in it's local urlscan.log. > > Do I need to rename the urlscan.dll? Could there be a conflict with the > Gloabl & Local ISAPI .dll ? > > Thanks, > > > "David Wang [MS]" <someone@online.microsoft.com> wrote in message > news:ugzDFBTaCHA.1856@tkmsftngp11... > > You certainly do not need to reboot to run lockdown or install URLScan. > You > > don't even need to restart IIS to install a site filter. > > > > -- > > //David > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > // > > "sa" <sa_spam@vit.net> wrote in message > news:#2GGMLyZCHA.776@tkmsftngp08... > > I am sorry about dragging this ;-) > > > > SO, in order to have a second URLSCAN, i would just copy all the content > of > > the urlscan directory to a differnt one (after stopping all IIS services), > > and then from the local site I would add another ISAPI and point it to the > > new location of urlscan.dll ? and then reboot. > > > > Is that right? > > > > Thanks again, > > > > "sa" <sa_spam@vit.net> wrote in message > news:OxdPx1xZCHA.1688@tkmsftngp09... > > > Folloow up: > > > > > > I have URLSCAN version 1.0 installed. > > > > > > Do I need to upgrade? > > > I don't want to run the Lockdown. Is there an Upgrade for URLScan only? > > > > > > I much rather not touch anything that is working now ;-) > > > > > > SA > > > > > > > > > "sa" <sa_spam@vit.net> wrote in message > > news:uBxgOuxZCHA.776@tkmsftngp08... > > > > Thanks David, > > > > > > > > so would the following scenario work: > > > > > > > > Global ISAPI: > > > > Less restrictive URLScan ini/dll (to allow .exe's to go through > for > > > > example) > > > > > > > > LOCAL ISAPI: > > > > - for sites that don't need .exe/cgi: > > > > Add the more restrictive URLScan ini/dll (stopping all .exe) > > > > - for sites that need the .exe/cgi > > > > do nothing else. > > > > > > > > Thanks in advance, > > > > SA > > > > > > > > "David Wang [MS]" <someone@online.microsoft.com> wrote in message > > > > news:OkkGn5sZCHA.2420@tkmsftngp09... > > > > > You need to take the ISAPI Filter out of Global WWW and install it > > > > > individually for each site. A filter cannot be "overriden"; its > > effects > > > > are > > > > > additive (if global and site filters are installed, both are > executed > > > for > > > > a > > > > > request to the site. > > > > > > > > > > Basically, URLSCAN.DLL takes configuration from URLSCAN.INI located > > > > wherever > > > > > the DLL that is loaded exists. So, you can have two configurations > in > > > two > > > > > separate locations, and point all websites to either one or the > other. > > > > > > > > > > This isn't "easy", but you're asking for a feature that doesn't > exist > > in > > > > IIS > > > > > before IIS6... > > > > > > > > > > -- > > > > > //David > > > > > This posting is provided "AS IS" with no warranties, and confers no > > > > rights. > > > > > // > > > > > "sa" <sa_spam@vit.net> wrote in message > > > > news:#JrJexkZCHA.2720@tkmsftngp10... > > > > > Thanks Thomas, > > > > > > > > > > Let me get this right ;-) > > > > > > > > > > So, I would take the ISAPI filter out of the Global "www", > > > > > then apply it indivitualy to each site ? > > > > > > > > > > OR > > > > > > > > > > would the different/new URLSCAN.dll (ISAPI filter), added to the > > > required > > > > > site, > > > > > would it then over-write the Global filter? (if it is the same name > > that > > > > > is)? > > > > > > > > > > Do I make sense? ;-) > > > > > > > > > > > > > > > > > > > > "Thomas Deml [MS]" <thomad@online.microsoft.com> wrote in message > > > > > news:eXzO5hkZCHA.2316@tkmsftngp12... > > > > > > You can, it's not supported though. You have to install > URLSCAN.DLL > > in > > > > > > different directories (a new directory per site) and map a > different > > > > > > URLSCAN.DLL/URLSCAN.INI pair to each site. > > > > > > > > > > > > Hope this helps. > > > > > > > > > > > > Thomas Deml > > > > > > Lead Program Manager > > > > > > Internet Information Services > > > > > > Microsoft Corp. > > > > > > > > > > > > > > > > > > > > > > > > "sa" <sa_spam@vit.net> wrote in message > > > > > news:egcPNQkZCHA.2304@tkmsftngp10... > > > > > > > Hi, > > > > > > > We are a small ISP running IIS4 with URLScan, with several > > websites > > > > > using > > > > > > > mostly virtual Ip's > > > > > > > > > > > > > > I need to run and .exe file on one of the websites, however, > don't > > > > want > > > > > to > > > > > > > cause additional security holes for the ones that don't require > > it. > > > > > > > > > > > > > > Is there a way to just allow this one site ".exe" ? > > > > > > > > > > > > > > Can I have multiple urlscan.ini files? > > > > > > > > > > > > > > > > > > > > > Thanks in advance, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: sdm: "Re: content advisor"
- Previous message: Simon: "Re: IIS recognize only Local Users and not Local Grps"
- In reply to: sa: "Re: URLScan, multiple .ini files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
