Re: URLScan and an EXE File

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 07/10/03

Next message: Roger Abell [MVP]: "Re: Trusted root CA certificates at the IIS Server"
Previous message: Roger Abell [MVP]: "Re: IIS 6 / FrontPage Group Isolation"
In reply to: FMac: "Re: URLScan and an EXE File"
Next in thread: Herb Martin: "Re: URLScan and an EXE File"
Reply: Herb Martin: "Re: URLScan and an EXE File"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 9 Jul 2003 23:27:36 -0700

AFAIK it is all .exe or none
Might you be able to explore sourcing that exe from
a site that does not have URLscan in the ISAPI list
(not good, I know) or via ftp ?

"FMac" <fmac@urnerbarry.com> wrote in message
news:%230cE2YkRDHA.1720@TK2MSFTNGP12.phx.gbl...
> When I look at the log file that URLScan generates I see a lot of exe
> attempts that are caught. I don't want to remove that extension for
> everything. I was hoping that I could insolate one file and have it
flagged
> to be passed through.
>
> Thanks for your response.
>
> <Nick> wrote in message news:u$aCWUkRDHA.1552@TK2MSFTNGP10.phx.gbl...
> > remove .exe from the [DenyExtensions] section
> >
> > then restart IIS and all should be good
> >
> > Nick
> >
> >
> > "FMac" <fmac@urnerbarry.com> wrote in message
> > news:OgQwCMjRDHA.2084@TK2MSFTNGP11.phx.gbl...
> > > Is there anyway to allow a specified exe file to pass through the
> URLScan
> > > filter?
> > > I am using an activeX control that needs to run a small .exe file on
the
> > > clients workstation in order for it to work. Is there something like
> > > [AllowURLSequence] that possibly is undocumented? This is on a paid
> > > permissioned site that all users would know the purpose of this
update.
> > > I am using URLScan 2.5 on a Windows 2000 Server running IIS5.
> > >
> > > Any ideas would be appreciated.
> > >
> > > Thanks,
> > > Frank
> > >
> > >
> >
> >
>
>

Next message: Roger Abell [MVP]: "Re: Trusted root CA certificates at the IIS Server"
Previous message: Roger Abell [MVP]: "Re: IIS 6 / FrontPage Group Isolation"
In reply to: FMac: "Re: URLScan and an EXE File"
Next in thread: Herb Martin: "Re: URLScan and an EXE File"
Reply: Herb Martin: "Re: URLScan and an EXE File"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: URLScan (and Demarc PureSecure)
... I added focus-ids to the recipient list - if you reply to this, and it's not related to Intrusion Detection, please remove that recipient. ... still have reservations when it comes to allowing .exe ... > on opeing up specific .exe's via URLScan. ... >>> knowledge of web servers and I'm not sure how I ...
(Security-Basics)
Re: URLScan
... i know you can move and ACL critical system ... still have reservations when it comes to allowing .exe ... > on opeing up specific .exe's via URLScan. ... >> Do You Yahoo!? ...
(Security-Basics)
Re: IIS Lockdown/URLScan - no .exes
... INFO: Using URLScan on IIS ... Either I didn't read the Docs very>>well, or didn't configure things correctly, as my server ... >>Specifically, the server would not allow any .asp,>>or .exe files. ...
(microsoft.public.inetserver.iis.security)
RE: URLScan
... I would NOT recommend opening up the .exe ... > extension. ... > reboot your server. ... > Subject: URLScan ...
(Security-Basics)
Re: Downloading .exe files from an WinXP IIS server.
... Just be aware enabling .exe in URLscan removed one of its ... Better to make the URL download a zip. ... > the IIS ...
(microsoft.public.windowsxp.security_admin)