Re: 403 forbidden error when redircting from http to https

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 11/05/02 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Tue, 5 Nov 2002 08:47:52 -0500

"Berno van Soest" <berno.vansoest@akzonobel.com> wrote in message
news:74c064c1.0211050110.18e795f6@posting.google.com...
> On some PCs I get a 403 error when a user is redirected from a page
accessed by
> http to a page that is accessed by https.
> Any thoughts?

It's a shame you didn't give us the full and complete error message. There
is no such thing as an error 403.

Try checking your permissions both in the IIS MMC and on the files and
folders themselves, or supply us with the full error message. You should
also consider enabling auditing as described below.

401.3 Unauthorized: Unauthorized due to ACL on resource
403.1 Forbidden: Execute Access Forbidden
403.1 Forbidden: Execute Access Forbidden
403.2 Forbidden: Read Access Forbidden
403.3 Forbidden: Write Access Forbidden
403.4 Forbidden: SSL required
403.5 Forbidden: SSL 128 required
403.6 Forbidden: IP address rejected
403.7 Forbidden: Client certificate required
403.8 Forbidden: Site access denied
403.9 Access Forbidden: Too many users are connected
403.10 Access Forbidden: Invalid Configuration
403.11 Access Forbidden: Password Change
403.12 Access Forbidden: Mapper Denied Access

===================

How can I enable auditing / logging on my computer / server?

A: Security event auditing is available in Windows 2000 / XP / .NET / NT but
is disabled by default. [Security event auditing is not available with
Windows 98, 95, ME, etc.]

Note that to enable logging of access to files or registry settings, you
must both enable logging in the overall computer policy AND also add
auditing settings on individual folders or registry keys in the NTFS
security properties in Windows Explorer or the REGEDT32 registry editor.
[Using REGEDIT will not work.] To log file access, the files must be on an
NTFS-formatted partition.

Note also that to enable logging of security events on a Windows domain, you
must change the auditing policy on all domain controllers. Changing the
auditing policy on the computers in the domain enables logging of failed
logins to the computers using local accounts and would not necessarily log
attempts to log into the domain.

Consider changing the Windows event log settings to be appropriate for your
environment. Consider increasing the maximum log size to retain more
information. Be careful not to log too much, or you might find that your
logs contain only a few minutes or hours worth of data. Finally, check the
logs to be sure logs are really being captured.

For more information on enabling and configuring auditing, see the articles
below:

http://nsa1.www.conxion.com/win2k/download.htm a.k.a. http://www.nsa.gov
    [look for the NSA Security Recommendation Guides for Windows 2000 and
also Group Policy]
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
13w2kadc.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310399 - XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300549 - 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248260 - 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301640 - 2000, file
access settings
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300958 - 2000,
monitoring for unauthorized user access
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q157238 - NT
http://www.labmice.net/troubleshooting/EventLog.htm

[Thanks to Thomas Deml and others]

Relevant Pages

  • Re: mysterious server shutdowns
    ... Note that to enable logging of access to files or registry settings, ... Note also that to enable logging of security events on a Windows domain, ... must change the auditing policy on all domain controllers. ...
    (microsoft.public.win2000.security)
  • Re: IIS Lockdown - access denied securing PF
    ... Well, I'm just guessing, but perhaps Exchange changed them, or perhaps the ... you may have the same problem changing the NTFS auditing ... security properties in Windows Explorer or the REGEDT32 registry editor. ... must change the auditing policy on all domain controllers. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Permissions for shared folders
    ... You right-click on a file or folder and select properties, ... You would enable Auditing to track file access. ... Note that to enable logging of access to files or registry settings, ... Note also that to enable logging of security events on a Windows domain, ...
    (microsoft.public.win2000.security)
  • Re: 403 forbidden error when redircting from http to https
    ... > How can I enable auditing / logging on my computer / server? ... > Note that to enable logging of access to files or registry settings, ... > security properties in Windows Explorer or the REGEDT32 registry editor. ... > must change the auditing policy on all domain controllers. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS denied access to this machine
    ... > I have just installed IIS on Windows XP Pro and when I go ... Try enabling auditing of failed login events and file access failures on all ... Note that to enable logging of access to files or registry settings, ... must change the auditing policy on all domain controllers. ...
    (microsoft.public.inetserver.iis.security)