Re: Disable trace and track verbs
anonymous_at_discussions.microsoft.com
Date: 02/13/04
- Next message: Hasnain: "Renewed Certificate not working"
- Previous message: The Pistoleer: "How to name a SSL domain?"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
- Next in thread: Dominick(Infosecnyc): "RE: Disable trace and track verbs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 Feb 2004 20:44:06 -0800
Found the issue...this web server is behind an ISA
firewall and it was responding to the request. I found
the URLscan for ISA and installed it. Things are working
fine now and the security assesment is coming back
clean. Thanks for all of your input!!
>-----Original Message-----
>I understand what u are saying, but URLscan will not
>intercept that command yet as IIS will still respond to
>an OPTIONS and TRACE command even with it disabled.
>
>I have tried all ways, but even though it is truley
>diasabled and I know there is not compromise, if I go
and
>give an OPTIONS command or a TRACE command, IIS will
>respond.
>
>Trace and track are the same command?
>
>this only presents a problem when present security test
>results to a management board and they ask why we are
>getting a false failure when using a outside security
org
>to check the firewall and webserver.
>>-----Original Message-----
>>Well, then use URLScan to disable OPTIONS.
>>
>>URLScan isn't changing IIS code; it's intercepting
>requests prior to IIS
>>processing them and then rejecting them --, so even
>though URLScan denies
>>TRACK and TRACE, IIS itself still thinks it is able to
>handle them and hence
>>responding that way in OPTIONS.
>>
>>--
>>//David
>>IIS
>>This posting is provided "AS IS" with no warranties,
and
>confers no rights.
>>//
>><anonymous@discussions.microsoft.com> wrote in message
>>news:ebd401c3f100$5d710d90$a001280a@phx.gbl...
>>IF you do a
>>
>>OPTIONS / HTTP/1.1
>>
>>you will still see TRACK as an option. THis is what is
>>causing security checkers to fail. Is there a way to
get
>>this response removed?
>>
>>>-----Original Message-----
>>>Are the responses 200 or 404?
>>>Are you using a RejectResponseUrl that points to
>content?
>>>
>>>--
>>>//David
>>>IIS
>>>This posting is provided "AS IS" with no warranties,
and
>>confers no rights.
>>>//
>>>"Rob" <anonymous@discussions.microsoft.com> wrote in
>>message
>>>news:e61f01c3f030$dfc98bd0$a601280a@phx.gbl...
>>>I have installed URLScan and i am still get a respond
on
>>>my web site to trace and track commands. I thought
>>>URLScan 2.5 woul take care of it. I have the
AllowVerbs
>>>set to 1 and then the very TRACE and track are not in
>>>that section.
>>>
>>>Any ideas?
>>>
>>>
>>>.
>>>
>>
>>
>>.
>>
>.
>
- Next message: Hasnain: "Renewed Certificate not working"
- Previous message: The Pistoleer: "How to name a SSL domain?"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: Disable trace and track verbs"
- Next in thread: Dominick(Infosecnyc): "RE: Disable trace and track verbs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
