Re: urlscan configuration for specific cgi apps
From: Thomas Deml [Msft] (thomad@online.microsoft.com)
Date: 12/12/02
- In reply to: billemery: "urlscan configuration for specific cgi apps"
- Next in thread: BB: "Re: urlscan configuration for specific cgi apps"
- Reply: BB: "Re: urlscan configuration for specific cgi apps"
From: "Thomas Deml [Msft]" <thomad@online.microsoft.com> Date: Wed, 11 Dec 2002 22:59:37 -0800
No, not really.
There is one way to do this though:
Here is a little trick that allows only a particular executable to run
without having to give executable rights to an entire virtual directory.
Unfortunately this is not supported via the UI. Here is how you do it via
script:
Let's suppose you have a virtual directory called cgivdir underneath the root
node of your site. Within this vdir is the CGI program you have to run
called mycgi.exe. First you should remove all rights from the cgivdir
directory. You do not even have to allow read access or allow anonymous
requests:
adsutil.vbs set w3svc/1/root/cgivdir/AccessFlags 0
adsutil.vbs set w3svc/1/root/cgivdir/AuthFlags 0
Then you simply create a metadata node for mycgi.exe underneath the cgivdir
virtual directory.
adsutil.vbs create w3svc/1/root/cgivdir/mycgi.exe IIsWebFile
As a last step you only allow the necessary access rights to mycgi.exe
adsutil.vbs set w3svc/1/root/cgivdir/mycgi.exe/AccessExecute true
adsutil.vbs set w3svc/1/root/cgivdir/mycgi.exe/AuthAnonymous true
Now nothing but mycgi.exe can be executed in the cgivdir virtual directory.
If you have no other virtual directory with execute access you have basically
achieved the goal. To find out if other directories have Execute rights try:
c:\Inetpub\AdminScripts\adsutil.vbs find AccessExecute
or go through every site and virtual directory in your site and look if you
find "Execute permissions" set to "Scripts and Executables".
Hope this helps.
--
Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.

"billemery" <emery_bill@hotmail.com> wrote in message
news:09eb01c2a16d$f32bb3f0$8af82ecf@TK2MSFTNGXA03...
> is it possible to configure urlscan so that a particular
> cgi program say prog.exe is allowed but no other .exe ?
>
> ie http://www.webpage.com/cgi-bin/prog.exe ?parm1....&parmn
> would be allowed.
> the command line could have & in it also separating the
> parms.
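Added example, not part of the original post: a VBScript audit that uses the IIS ADSI provider to walk the metabase nodes of site 1 and report every node whose effective AccessExecute is true, so the result of the steps above can be verified. The script name audit-execute.vbs and the EXPECTED constant are assumptions made for this example; the paths follow the cgivdir/mycgi.exe layout from the post.

```vbscript
' Added example: list every metabase node under one site whose effective
' AccessExecute is True. Run with: cscript //nologo audit-execute.vbs
Option Explicit

Const SITE_ROOT = "IIS://localhost/W3SVC/1/Root"   ' site 1, as in the post
' Assumption: the single node that is meant to allow execute (lower case
' because the comparison below is done on the lower-cased ADsPath).
Const EXPECTED = "iis://localhost/w3svc/1/root/cgivdir/mycgi.exe"

Dim unexpected
unexpected = 0
Walk GetObject(SITE_ROOT)
WScript.Echo unexpected & " unexpected node(s) with execute access"
If unexpected > 0 Then WScript.Quit 1

Sub Walk(node)
    Dim canExecute, child
    ' Reading the property returns the effective value, including a
    ' setting inherited from a parent node.
    canExecute = False
    On Error Resume Next
    canExecute = node.AccessExecute
    On Error GoTo 0
    If canExecute Then
        If LCase(node.ADsPath) = EXPECTED Then
            WScript.Echo "expected:   " & node.ADsPath
        Else
            WScript.Echo "UNEXPECTED: " & node.ADsPath & " (" & node.Class & ")"
            unexpected = unexpected + 1
        End If
    End If
    ' IIsWebFile nodes are leaves; virtual directories and directories
    ' are containers and are walked recursively.
    If node.Class <> "IIsWebFile" Then
        For Each child In node
            Walk child
        Next
    End If
End Sub
```

Only nodes that exist in the metabase are visited; files and physical subdirectories without a node of their own inherit from the nearest parent node, so an UNEXPECTED directory covers everything beneath it.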