Re: Disable trace and track verbs
anonymous_at_discussions.microsoft.com
Date: 02/12/04
- Next message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.02.12"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
- In reply to: Bernard: "Re: Disable trace and track verbs"
- Next in thread: Wade A. Hilmo [MS]: "Re: Disable trace and track verbs"
- Reply: Wade A. Hilmo [MS]: "Re: Disable trace and track verbs"
Date: Thu, 12 Feb 2004 02:37:18 -0800
I understand what you are saying, but URLscan will not
intercept that command yet, as IIS will still respond to
an OPTIONS and TRACE command even with it disabled.
I have tried all ways, but even though it is truly
disabled and I know there is no compromise, if I go and
give an OPTIONS command or a TRACE command, IIS will
respond.
Trace and track are the same command?
This only presents a problem when presenting security test
results to a management board and they ask why we are
getting a false failure when using an outside security org
to check the firewall and webserver.
>-----Original Message-----
>I don't see track in my IIS6. I see -
>
>Public: OPTIONS, TRACE, GET, HEAD, POST\r\n
>
>by default option is not allowed in urlscan [allowverbs] section.
>so the above is not displayed when you use HEAD/GET/POST
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:ebd401c3f100$5d710d90$a001280a@phx.gbl...
>> If you do a
>>
>> OPTIONS / HTTP/1.1
>>
>> you will still see TRACK as an option. This is what is
>> causing security checkers to fail. Is there a way to get
>> this response removed?
>>
>> >-----Original Message-----
>> >Are the responses 200 or 404?
>> >Are you using a RejectResponseUrl that points to content?
>> >
>> >--
>> >//David
>> >IIS
>> >This posting is provided "AS IS" with no warranties, and
>> >confers no rights.
>> >//
>> >"Rob" <anonymous@discussions.microsoft.com> wrote in message
>> >news:e61f01c3f030$dfc98bd0$a601280a@phx.gbl...
>> >I have installed URLScan and I am still getting a response on
>> >my web site to trace and track commands. I thought
>> >URLScan 2.5 would take care of it. I have the AllowVerbs
>> >set to 1 and then the verbs TRACE and track are not in
>> >that section.
>> >
>> >Any ideas?
>> >
>> >
>> >.
>> >
>
>
>.
>
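An added example, not part of the original thread: one way to check a scanner's TRACE/TRACK finding is to separate a verb that is only listed in the OPTIONS response headers from one the server actually honors. The raw responses, the host name and the function names below are constructed for illustration, not captured from a real server.

```python
RISKY = ("TRACE", "TRACK")

def parse_response(raw):
    """Split a raw HTTP response into (status code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def advertised_verbs(options_raw):
    """Verbs listed in the Allow and Public headers of an OPTIONS reply."""
    _, headers, _ = parse_response(options_raw)
    listed = ",".join(headers.get(h, "") for h in ("allow", "public"))
    return {v.strip().upper() for v in listed.split(",") if v.strip()}

def honored(request_line, response_raw):
    """A verb counts as honored only on a 200 that echoes the request."""
    status, _, body = parse_response(response_raw)
    return status == 200 and request_line in body

def classify(options_raw, probes):
    """probes maps verb -> (request line sent, raw response received)."""
    listed = advertised_verbs(options_raw)
    result = {}
    for verb in RISKY:
        request_line, response_raw = probes[verb]
        if honored(request_line, response_raw):
            result[verb] = "honored"
        elif verb in listed:
            result[verb] = "advertised only"
        else:
            result[verb] = "rejected"
    return result

# Constructed samples: the OPTIONS reply lists TRACE, the probes get a 404.
OPTIONS_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                    b"Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
                    b"Content-Length: 0\r\n\r\n")
REJECTED = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
ECHOED = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
          b"TRACE / HTTP/1.1\r\nHost: www.example.test\r\n\r\n")
SAMPLE_PROBES = {"TRACE": (b"TRACE / HTTP/1.1", REJECTED),
                 "TRACK": (b"TRACK / HTTP/1.1", REJECTED)}

if __name__ == "__main__":
    print(classify(OPTIONS_RESPONSE, SAMPLE_PROBES))
```

An "advertised only" result is the case worth documenting for a review board: the verb appears in the header list, but the probe itself was refused.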