Re: Script access - IIS 6
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 08/02/03
- Next message: Alessandro Perilli: "Re: security checklist?"
- Previous message: Mike Williams: "FTP Secure?"
- In reply to: Mark Hildreth: "Re: Script access - IIS 6"
- Next in thread: Mark Hildreth: "Re: Script access - IIS 6"
- Reply: Mark Hildreth: "Re: Script access - IIS 6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Aug 2003 19:37:11 -0700
If you make requests of the form
http://cvstest/viewcvs/viewcvs.cgi/modulename , does that work?
Namely, does this CGI depend on PATH_INFO or not? I am suspecting it does.
I tried to duplicate it by doing the following:
1. I set a Scriptmap of .cgi to C:\Inetpub\wwwroot\MyCGI.EXE (avoiding
any ACL issues)
2. I set DefaultDoc on / to be test.cgi
3. I created a file test.cgi so that DefaultDoc works
I made a request to http://localhost/ and http:/localhost/test.cgi under
anonymous, basic, and NTLM, and all passed (they invoked MyCGI.EXE to return
content).
I am using default ACLs, default AppPoolId of Network Service.
I do not immediately know what is wrong in your scenario, but if you can get
it working in the default case, we can work on lockdown.
I believe the Authentication issue with NTLM is separate from the "Bad
Headers" issue, so let's take it one at a time. Let's get the files working
to not return "Bad Headers" first. NTLM is a connection-based protocol, so
I want to ask you whether the CGI works with keep-alive correctly or not.
-- //David This posting is provided "AS IS" with no warranties, and confers no rights. // "Mark Hildreth" <mhildreth@sbcglobal.net> wrote in message news:uMxwr4DWDHA.2316@TK2MSFTNGP09.phx.gbl... I have used Basic and Windows Integrated Authentication. They behave differently. They both behave the same for the originally described problem. After using the http://cvstest/viewcvs/ URL and successfully authenticating, there are links in the format http://cvstest/viewcvs/viewcvs.cgi/modulename. If I've authenticated with Basic, these links work, with Integrated they do not. By the way, viewcvs is a virtual directory on the same machine. App Pool Identity is Network Service. I've tried local system as well. ACL is Local Administrators Group, CVS Users Group and SYSTEM all have full control. Do know the answer to "How is cgi scriptmapped?" viewcvs.cgi is the only default document. > I am therefore thinking of what would cause the IIS resolution and > re-execution to fail, and I'm looking at the request up to the ScriptEngine. The redirect case is the one that works, it's the explicit URL http://cvstest/viewcvs/viewcvs.cgi that does not. Thanks... Mark "David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:es3GNOBWDHA.212@TK2MSFTNGP12.phx.gbl... > How did you configure authenticated access (what sort of authentication). > > Are you running with a custom AppPoolIdentity. > > What are the ACLs on the accessed resources. > > How is .cgi scriptmapped (does it have ScriptEngine/File not Found options). > > If you configure viewcvs.cgi as a DefaultDoc (is it the only one?), both > URLs are the same. The first one will cause IIS to send a courtesy redirect > to http://cvstest/viewcvs/ back to the client, and when the client requests > this URL behind-the-scenes, IIS would resolve / to /viewcvs.cgi and execute > http://cvstest/viewcvs/viewcvs.cgi using the ScriptEngine configured for the > .cgi Scriptmap -- the same as if you made a direct request to it. > > I am therefore thinking of what would cause the IIS resolution and > re-execution to fail, and I'm looking at the request up to the ScriptEngine. > > -- > //David > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "Mark Hildreth" <mhildreth@sbcglobal.net> wrote in message > news:en4FMI$VDHA.2248@TK2MSFTNGP10.phx.gbl... > I am trying to execute a python script on IIS 6 as follows: > > Anonymous access > http://cvstest/viewcvs and http://cvstest/viewcvs/viewcvs.cgi > Both of the above work. I have made viewcvs.cgi a default page for the > directory. > > Authenticated access: > Removed anonymous access, added ACL for user group. viewcvs.cgi remains a > default page for the directory. > http://cvstest/viewcvs presents authentication dialog and works. > http://cvstest/viewcvs/viewcvs.cgi does not present authentication dialog. > Returns: > > ******************************** > CGI Error > The specified CGI application misbehaved by not returning a complete set of > HTTP headers. > > ********************************* > > The script is unchanged in all cases. Only the NTFS permissions are changed > > -- Thanks in advance.... > ------------------------------------------ > Mark Hildreth > IT Response, Inc. > 205 Rustic Place > San Ramon, CA 94583 > mark@ITResponse.com > (925) 828-7650 > (925) 699-6800 (cell) > > >
- Next message: Alessandro Perilli: "Re: security checklist?"
- Previous message: Mike Williams: "FTP Secure?"
- In reply to: Mark Hildreth: "Re: Script access - IIS 6"
- Next in thread: Mark Hildreth: "Re: Script access - IIS 6"
- Reply: Mark Hildreth: "Re: Script access - IIS 6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
