Re: Disable trace and track verbs

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/12/04

• Next message: Johann Montfort: "Database Locked!"
• Previous message: Bernard: "Re: Disable trace and track verbs"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
• Next in thread: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
• Reply: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 11 Feb 2004 21:24:15 -0800

Well, then use URLScan to disable OPTIONS.

URLScan isn't changing IIS code; it's intercepting requests prior to IIS
processing them and then rejecting them --, so even though URLScan denies
TRACK and TRACE, IIS itself still thinks it is able to handle them and hence
responding that way in OPTIONS.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<anonymous@discussions.microsoft.com> wrote in message
news:ebd401c3f100$5d710d90$a001280a@phx.gbl...
IF you do a
OPTIONS / HTTP/1.1
you will still see TRACK as an option.  THis is what is
causing security checkers to fail.  Is there a way to get
this response removed?
>-----Original Message-----
>Are the responses 200 or 404?
>Are you using a RejectResponseUrl that points to content?
>
>-- 
>//David
>IIS
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>//
>"Rob" <anonymous@discussions.microsoft.com> wrote in
message
>news:e61f01c3f030$dfc98bd0$a601280a@phx.gbl...
>I have installed URLScan and i am still get a respond on
>my web site to trace and track commands.  I thought
>URLScan 2.5 woul take care of it.  I have the AllowVerbs
>set to 1 and then the very TRACE and track are not in
>that section.
>
>Any ideas?
>
>
>.
>

---

• Next message: Johann Montfort: "Database Locked!"
• Previous message: Bernard: "Re: Disable trace and track verbs"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
• Next in thread: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
• Reply: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: The page is not found (replying only?!) ... Please look in the IIS Log files, and locate one of these requests. ... URLScan is rejecting them, there should be a type ... Otherwise, IIS itself is rejecting the request, and should be logging 404 ... (microsoft.public.inetserver.iis) Re: ASP.NET 2.0 maximum URL length? ... explicitly installed on my IIS7/Vista system? ... URLScan - an add-on tool I have not installed. ... It's a recommended install for IIS 4.0 and 5.0, ... (microsoft.public.dotnet.framework.aspnet) Re: Restrict by UserAgent ... Performance concerns for the Apache solution is real because in that case, ... I would not automatically assume that the same caveat affects IIS ... > Well, after going through the available documentation on URLScan 2.5, it ... Apache cannot do this without using a custom module which happens to ... (microsoft.public.inetserver.iis.security) Re: URLscan problem ... I did indeed restart the IIS server after ... I took a look at the URLscan log files and found my ... >URLscan seems to be causing a problem with public folder ... (microsoft.public.inetserver.iis.security) RE: IIS 5 Log FIle Question ... IIS 5 Log FIle Question ... Below is a snippet from the logs. ... Does the fact the it says <Rejected by urlscan> imply ... This E-mail and its attachments have been scanned for viruses before delivery. ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)