Re: IIS5.0 and IIS lockdown/hardening tool/security
From: Dave (kdlevine_at_wi.rr.com)
Date: Sat, 12 Jul 2003 06:50:37 -0500
Thanks for the response. I scanned some other messages about URLScan and I
had a few other questions that I hope you can help me with.
Is it possible to customize URLScan by web service, folder, or some other
application specific settings? Does it simply look for references to file
extensions without regard to how the file will be accessed? From what I've
seen in other posts here it seems that URLScan has limited configurable
re: FPSE...If these are not installed will this effect DevStudio? I've been
advised that if FPSE is not installed on development machines then
developers will be unable to develop web services. Do you have any
information that would corroborate or refute this?
"Herb Martin" <news@LearnQuick.com> wrote in message
> > We have a DOTNET web service built with the 1.1 framework and we are
> > targeting
> > server machines running IIS 5.0+. We have been advised to run the IIS
> > hardening/lockdown tool for additional security. Is anyone aware of any
> > problems or issues that will result from this? What problems will we
> > FrontPage Server extensions are not installed?
> As you may note if you watch the IIS newsgroups for a few
> hours, the IIS Lockdown Wizard and the URLScan it installs
> can affect access to web pages (mostly based on forbidding URLs
> that reference certain extensions like DLL, EXE, ASP, etc.
> You will need to tune your URLScan.ini
> This shouldn't be affected by FPSE, but those who do run FPSE
> note these same (class of) problems.