Re: URLscan problem

From: Matt (mattnorton@nc.rr.com)
Date: 02/11/03


From: "Matt" <mattnorton@nc.rr.com>
Date: Tue, 11 Feb 2003 05:16:35 -0800


Bonehead error. I did indeed restart the IIS server after
making changes to the .ini file. I think in my haste I
made a change and then tested for something unrelated to
the change I had actually made, leading me to believe the
changes were not taking effect.

I took a look at the URLscan log files and found my
problem with public folders. I needed to allow .com
extensions.

Thanks everyone for keeping me sane!

Matt
>-----Original Message-----
>For performance reasons, URLScan only reads configuration when loading.
>This happens when you restart IIS.
>
>As for the Public Folder issue: Server Lockdown may intentionally break
>functionality for security reasons (i.e. some functionality are security
>risks and are intentionally disabled).
>
>If you suspect URLScan to be causing your issues, you can always look at the
>URLScan log files at %SYSTEMROOT%\System32\inetsrv\urlscan\*.log to find out
>the exact reason a certain request was rejected when using OWA (and you'll
>probably find dozens of requests associated with the failing OWA action).
>Then you can decide whether to change the configuration of URLScan.
>
>I suspect that you made the recommended changes in the KB but never
>restarted IIS so the URLScan changes never took hold.
>
>--
>//David
>This posting is provided "AS IS" with no warranties, and confers no rights.
>//
>"Matt" <mattnorton@nc.rr.com> wrote in message
>news:07c701c2d13a$deeb8300$3001280a@phx.gbl...
>I have URLscan installed on a Win2k Server machine running
>IIS 5.0. This particular Win2k Server machine is also an
>Exchange 2000 server running OWA. When I ran the IIS
>lockdown utility, I chose the Exchange 2000 template.
>When using OWA to access email, certain emails give a 404
>error depending on the characters in the subject line.
>This of course, is by design. However, when I go into the
>urlscan.ini file and "comment" out certain lines, it seems
>to have no effect. For instance, I can comment out
>the '&' under the DenyURLsequences section of the file,
>but emails with an '&' in the subject line still give a
>404. Am I missing something? Why don't my changes have
>any effect?
>
>Also, I have another somewhat related problem. The
>URLscan seems to be causing a problem with public folder
>management. When I try to manage public folders I get the
>error "The object is no longer available. Press F5 to
>refresh the display, then try again.
>ID no: 80040e19"
>I saw that this error is addressed in KB article 309508,
>however according to my urlscan.ini file everything is as
>it should be to allow public folder management. If I
>uninstall URLscan, this problem goes away. What can I do
>to fix this?
>
>
>Thanks!
>
>Matt