Re: URLscan problem

From: Matt (mattnorton@nc.rr.com)
Date: 02/11/03


From: "Matt" <mattnorton@nc.rr.com>
Date: Tue, 11 Feb 2003 05:16:35 -0800


Bonehead error. I did indeed restart the IIS server after
making changes to the .ini file. I think in my haste I
made a change and then tested for something unrelated to
the change I had actually made, leading me to believe the
changes were not taking effect.

I took a look at the URLscan log files and found my
problem with public folders. I needed to allow .com
extensions.

Thanks everyone for keeping me sane!

Matt
>-----Original Message-----
>For performance reasons, URLScan only reads configuration
when loading.
>This happens when you restart IIS.
>
>As for the Public Folder issue: Server Lockdown may
intentionally break
>functionality for security reasons (i.e. some
functionality are security
>risks and are intentionally disabled).
>
>If you suspect URLScan to be causing your issues, you can
always look at the
>URLScan log files at %SYSTEMROOT%\System32
\inetsrv\urlscan\*.log to find out
>the exact reason a certain request was rejected when
using OWA (and you'll
>probably find dozens of requests associated with the
failing OWA action).
>Then you can decide whether to change the configuration
of URLScan.
>
>I suspect that you made the recommended changes in the KB
but never
>restarted IIS so the URLScan changes never took hold.
>
>--
>//David
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>//
>"Matt" <mattnorton@nc.rr.com> wrote in message
>news:07c701c2d13a$deeb8300$3001280a@phx.gbl...
>I have URLscan installed on a Win2k Server machine running
>IIS 5.0. This particular Win2k Server machine is also an
>Exchange 2000 server running OWA. When I ran the IIS
>lockdown utility, I chose the Exchange 2000 template.
>When using OWA to access email, certain emails give a 404
>error depending on the characters in the subject line.
>This of course, is by design. However, when I go into the
>urlscan.ini file and "comment" out certain lines, it seems
>to have no effect. For instance, I can comment out
>the '&' under the DenyURLsequences section of the file,
>but emails with an '&' in the subject line still give a
>404. Am I missing something? Why don't my changes have
>any effect?
>
>Also, I have another somewhat related problem. The
>URLscan seems to be causing a problem with public folder
>management. When I try to manage public folders I get the
>error "The object is no longer available. Press F5 to
>refresh the display, then try again.
>ID no: 80040e19"
>I saw that this error is addressed in KB article 309508,
>however according to my urlscan.ini file everything is as
>it should be to allow public folder management. If I
>uninstall URLscan, this problem goes away. What can I do
>to fix this?
>
>
>Thanks!
>
>Matt
>
>
>.
>