Re: URLScan Logs
From: BB (qbernard_at_hotmail.com)
Date: 06/12/03
- Next message: BB: "Re: Certsvr Is BROKEN."
- Previous message: BB: "Re: You are not authorized..."
- In reply to: Nancy Forbes: "URLScan Logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 Jun 2003 14:20:32 +0800
I'm not a webdav expert, from the log urlscan blocked
such request. to check if webdav is disabled or not
refer this registry key
http://support.microsoft.com/?id=241520
IIS Lockdown also has an option to disabled this for you.
If you need webdav, then you should enable it and edit
the urlscan.ini. why is it in the log and users didn't
complaint ? my guess is these verb were issued to server
using 'webfolder' method, but users doesn't seems to
aware of this and they are not trying to update a file
using this method. more info..
http://support.microsoft.com/?id=195851
-- Regards, Bernard Cheah http://support.microsoft.com/ "Nancy Forbes" <forbesn@chiefind.com> wrote in message news:41c701c32f5f$15176840$3101280a@phx.gbl... > I am getting the following items in my URLScan Log files. > These are all being generated from the Developers system. > He is not complaining about having problems. To my > knowlege he is not using WEBDav. It is a .NET Web site. > Front Page server extensions are not configured for the > site. I have been experimenting with locking down this > IIS server and have the latest patches on it and have > followed many of the procedures outlined in several guides > including "From Blueprint to Fortress: A Guide to > Securing IIS 5.0". > > We do have an Exchange environment but this server is not > an Exchange Server. The SMTP service on this server is > used though. > > Here are the various log entries: > [06-09-2003 - 09:25:36] Client at 172.22.30.95: URL > contains disallowed header 'translate:' Request will be > rejected. Site Instance='1', Raw URL='/' > [01-10-2003 - 15:50:56] Client at 172.22.30.95: Sent > verb 'PROPFIND', which is not specifically allowed. > Request will be rejected. > [01-10-2003 - 15:50:56] Client at 172.22.30.95: Sent > verb 'OPTIONS', which is not specifically allowed. Request > will be rejected. > > These were disabled. I had enabled them when I saw these > entries from an internal IP - even though the developer > was not complaining about problems. (Thinking that they > need to be enbabled for some reason.) I've been trying to > do some research as to why these would need to be > enabled. I have disabled translate again but have left > PROPFIND and OPTIONS enabled for now. > > How do I determine whether they should be disabled or > enabled? Why are they showing up in the logs but do not > appear to be causing errors for the user? (What's > triggering the error?) > > The server is open to the internet but currently is still > in its testing phase and not considered in production yet.
- Next message: BB: "Re: Certsvr Is BROKEN."
- Previous message: BB: "Re: You are not authorized..."
- In reply to: Nancy Forbes: "URLScan Logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
