Re: URLScan Rejects header "transfer-encoding:"

From: Jeff Cochran (jcochran.nospam@naplesgov.com)
Date: 03/14/03


From: jcochran.nospam@naplesgov.com (Jeff Cochran)
Date: Fri, 14 Mar 2003 13:20:12 GMT


Me neither. That's the first thing I looked at. But if it's there,
definitely remark it out and try.

Jeff

On Fri, 14 Mar 2003 13:11:59 +0800, "BB" <Bernard_at_3exp.com> wrote:

>mm.. I don't have this entry in my 3 W2k urlscan.ini
>
>Rgds.
>
>
>"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
>news:#DVYTce6CHA.2196@TK2MSFTNGP12.phx.gbl...
>> 1. notepad %SYSTEMROOT%\System32\inetsrv\urlscan\urlscan.ini
>> 2. Look for [DenyHeaders]
>> 3. Put a ';' (semicolon) in front of transfer-encoding
>> 4. Save and Restart IIS
>>
>> --
>> //David
>> This posting is provided "AS IS" with no warranties, and confers no
>rights.
>> //
>> "Charlie" <charliebwhite@yahoo.com> wrote in message
>> news:081801c2e9e6$6493e880$3401280a@phx.gbl...
>> Sorry! I meant to include this!
>>
>> ***IIS log reports:***
>> 2003-03-04 18:04:28 63.165.169.127 - W3SVC1 WIWEB
>> 10.9.9.100 80 GET /<Rejected-By-UrlScan> ~script.asp 404
>> 123 4203 136 15 HTTP/1.1 63.162.0.3:80 -
>>
>> ***URLScan reports:***
>> [03-04-2003 - 10:04:28] Client at 63.165.169.127: URL
>> contains disallowed header 'transfer-encoding:' Request
>> will be rejected. Site Instance='1', Raw URL='script.asp'
>>
>> And if you can quickly tell me how to configure URLScan to
>> allow "transfer-encoding" on top of this problem, it would
>> be greatly appreciated!
>> Thank You!
>>
>> >-----Original Message-----
>> >Can you post the line in urlscanxxx.log and iislog
>> >that urlscan rejected ?
>> >
>> >from there we should able to know why and how to solve it
>> >hopefully.
>> >
>> >Rgds.
>> >
>> >
>> >"Charlie" <charliebwhite@yahoo.com> wrote in message
>> >news:05d901c2e993$831019d0$2f01280a@phx.gbl...
>> >> I'm working with a client that is posting information to
>> >> our Acitive Server Page from a JDK emulator. However URL
>> >> scan is rejecting it and reporting this:
>> >>
>> >> URL contains disallowed header 'transfer-encoding:'
>> >> Request will be rejected. Site Instance='1'
>> >>
>> >> Client tells me he has it programmed to send for
>> example:
>> >> -----------
>> >> POST script.asp HTTP/1.1\n
>> >> Content-Type: application/x-www-form-urlencoded\n
>> >> Content-Length: nnnn\n
>> >> \n
>> >> name1=value1&name2=value2&phone=123%4567890$201212\n
>> >>
>> >> Post headers are: {Content-Type=application/x-www-form-
>> >> urlencoded, Content-Length=66}
>> >> ------------
>> >>
>> >> Must I turn off URLScanning in the UrlScan.ini file for
>> >> this to work? I'd rather not. How is URLScan
>> >> detecting "transfer-encoding:" ?? I'd rather prevent it
>> >> from sending this if possible? Any suggestions on
>> >> ensuring "transfer-encoding" is not sent.
>> >>
>> >> If nobody can help me with this problem, can someone
>> tell
>> >> me how to configure URLScan specifically to
>> >> allow "transfer-encoding:" in a header?
>> >>
>> >
>> >
>> >.
>> >
>>
>>
>