Re: problem with urlscan filter

From: Bernard (qbernard_at_hotmail.com)
Date: 09/30/03


Date: Tue, 30 Sep 2003 13:44:25 +0800


You are not advised to use an executable extension name. Refer to:
Virtual Directory Names with Executable Extensions Are Not Used Correctly
http://support.microsoft.com/?id=275601

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Luciano Talarico" <lucianoNOSPAM@talarico.it> wrote in message
news:t5Ydb.2411$uv4.1853@news.edisontel.com...
> Hi Richard,
>
> > By default, URLscan has the .com extension listed under [denyextensions].
> > Unfortunately, .com can be both part of a URL and the extension to malicious
> > or system programs.
> > You can remove .com from your deny extensions, but
>
> OK, I have tried to remove the .cmd from deny extension, I have also tried
> to REM with ; (ex. ;.com) from deny extension but the problem is the same.
> Of course I stopped and started the IIS services to be sure that urlscan runs
> with the correct ini config file.
> After all my tests I suppose that urlscan exploded!
> I restarted the server with my backed-up urlscan.ini and the server works fine
> but my problem with the .com directory remains the same.
>
> > you'll be compromising security somewhat.
>
> I know this, but I need to have a directory that contains the .com
> extension
>
> > Richard
>
> Thanks for your support
> Luciano.
>
> > "Luciano Talarico" <lucianoNOSPAM@talarico.it> wrote in message
> > news:2_Vdb.2318$uv4.1451@news.edisontel.com...
> > > Hello to all,
> > >     I have this problem: on my production server (Win2K Server SP4, IIS5 +
> > > IISLockdown and urlscan) I created a virtual site for web site statistics
> > > (http://stats.mydomain.net/). On this virtual site I would like to publish
> > > the website statistics for my customer
> > > (http://stats.mydomain.net/www.customerdomain.tld)
> > >
> > > To do this I modified the urlscan.ini to permit directories with a .
> > > because before I did this I saw a 404 error.
> > >
> > > After a few weeks I created a folder for my customer that owns a .com and I
> > > have the same problem (404), and in the urlscan log I don't understand what
> > > it wants!?!?
> > >
> > > Sorry for my English, I'll try to summarize the problem
> > > Example
> > > http://stats.mydomain.net/www.customerdomain.it works correctly
> > > http://stats.mydomain.net/www.customerdomain.com does not work
> > > http://stats.mydomain.net/www.customerdomain.net works correctly
> > >
> > > please help me!
> > > Luciano
> > >
> > > --
> > > Luciano Talarico
> > > luciano(at)talarico.it
> > > www.talarico.it
> > > --
> > > "What the ear hears and the eye sees...
> > > the mind believes..."
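
The [denyextensions] behaviour discussed in this thread, as an added Python example (not part of the original posts and not Microsoft's code). It assumes UrlScan takes the extension to be the text from the last dot in the path up to the next '/' or the end of the path, and that dots in the path are already permitted as the original poster describes; the urlscan.ini fragment and function names are constructed for illustration.

```python
# Added example: a model of UrlScan's deny-list check, not UrlScan itself.

# Constructed urlscan.ini fragment (not the poster's real file).
SAMPLE_INI = """\
[options]
UseAllowExtensions=0

[DenyExtensions]
.exe
.bat
.cmd
.com
;.htw

[DenyHeaders]
Translate:
"""

def deny_extensions(ini_text):
    """Return the lower-cased entries listed under [DenyExtensions]."""
    denied, in_section = set(), False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or commented-out entry
            continue
        if line.startswith("["):               # a new section begins
            in_section = line.lower() == "[denyextensions]"
        elif in_section:
            denied.add(line.lower())
    return denied

def request_extension(url):
    """Assumed rule: last dot in the path up to the next '/' (query ignored)."""
    path = url.split("?", 1)[0]
    dot = path.rfind(".")
    if dot == -1:
        return ""
    return path[dot:].split("/", 1)[0].lower()

def is_denied(url, denied):
    """True when the request's apparent extension is on the deny list."""
    return request_extension(url) in denied

if __name__ == "__main__":
    denied = deny_extensions(SAMPLE_INI)
    for name in ("www.customerdomain.it", "www.customerdomain.com",
                 "www.customerdomain.net"):
        verdict = "rejected" if is_denied("/" + name, denied) else "allowed"
        print(name, request_extension("/" + name), verdict)
```

This models only the UrlScan deny-list check; the IIS behaviour described in the KB article linked in the reply is a separate issue and is not simulated here.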

