Re: About http method trace track options in IIS4
From: Steve S. (SteveS)
Date: 10/07/04
- Next message: Gary: "New SSL Certificate is invalid after uninstalling Certificate Server"
- Previous message: Steve S.: "Re: probllems accessing internet after loading Service Pack2"
- In reply to: io.com: "About http method trace track options in IIS4"
- Next in thread: io.com: "Re: About http method trace track options in IIS4"
- Reply: io.com: "Re: About http method trace track options in IIS4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 7 Oct 2004 16:20:29 -0400
I doubt URLScan will have any noticable affect on the performance of your
machine. If I were you I'd first try installing URLScan to see if there's
any slowdown at all before I'd try hacking the metabase! I've used the
MetaEdit 2.2 a lot. I've even exported metabase subtrees, hacked the
resultant text files, and imported them elsewhere, and I certainly don't
know how to do what you're asking.
BTW, my company just installed URLScan to disable TRACK and TRACE. Below is
a minimal urlscan.ini file to do the trick (you also might comment out the
"translate:" header because it sometimes causes lots of urlscan logging you
don't want):
=====================
[options]
UseAllowVerbs=0 ; If 1, use [AllowVerbs] section, else use
the
; [DenyVerbs] section.
UseAllowExtensions=0 ; If 1, use [AllowExtensions] section, else
use
; the [DenyExtensions] section.
NormalizeUrlBeforeScan=1 ; If 1, canonicalize URL before processing.
VerifyNormalization=1 ; If 1, canonicalize URL twice and reject
request
; if a change occurs.
AllowHighBitCharacters=0 ; If 1, allow high bit (ie. UTF8 or MBCS)
; characters in URL.
AllowDotInPath=1 ; If 1, allow dots that are not file
extensions.
RemoveServerHeader=0 ; If 1, remove the 'Server' header from
response.
EnableLogging=1 ; If 1, log UrlScan activity.
PerProcessLogging=0 ; If 1, the UrlScan.log filename will contain
a PID
; (ie. UrlScan.123.log).
AllowLateScanning=0 ; If 1, then UrlScan will load as a low
priority
; filter.
PerDayLogging=1 ; If 1, UrlScan will produce a new log each
day with
; activity in the form 'UrlScan.010101.log'.
UseFastPathReject=0 ; If 1, then UrlScan will not use the
; RejectResponseUrl or allow IIS to log the
request.
LogLongUrls=0 ; If 1, then up to 128K per request can be
logged.
; If 0, then only 1k is allowed.
;
; If UseFastPathReject is 0, then UrlScan will send
; rejected requests to the URL specified by RejectResponseUrl.
; If not specified, '/<Rejected-by-UrlScan>' will be used.
;
RejectResponseUrl=
;
; LoggingDirectory can be used to specify the directory where the
; log file will be created. This value should be the absolute path
; (ie. c:\some\path). If not specified, then UrlScan will create
; the log in the same directory where the UrlScan.dll file is located.
;
LoggingDirectory=C:\WINNT\system32\inetsrv\urlscan\logs
;
; If RemoveServerHeader is 0, then AlternateServerName can be
; used to specify a replacement for IIS's built in 'Server' header
;
AlternateServerName=
[RequestLimits]
;
; The entries in this section impose limits on the length
; of allowed parts of requests reaching the server.
;
; It is possible to impose a limit on the length of the
; value of a specific request header by prepending "Max-" to the
; name of the header. For example, the following entry would
; impose a limit of 100 bytes to the value of the
; 'Content-Type' header:
;
; Max-Content-Type=100
;
; To list a header and not specify a maximum value, use 0
; (ie. 'Max-User-Agent=0'). Also, any headers not listed
; in this section will not be checked for length limits.
;
; There are 3 special case limits:
;
; - MaxAllowedContentLength specifies the maximum allowed
; numeric value of the Content-Length request header. For
; example, setting this to 1000 would cause any request
; with a content length that exceeds 1000 to be rejected.
; The default is 30000000.
;
; - MaxUrl specifies the maximum length of the request URL,
; not including the query string. The default is 260 (which
; is equivalent to MAX_PATH).
;
; - MaxQueryString specifies the maximum length of the query
; string. The default is 2048.
;
MaxAllowedContentLength=30000000
MaxUrl=260
MaxQueryString=2048
[AllowVerbs]
;
; The verbs (aka HTTP methods) listed here are those commonly
; processed by a typical IIS server.
;
; Note that these entries are effective if "UseAllowVerbs=1"
; is set in the [Options] section above.
;
GET
HEAD
POST
[DenyVerbs]
;
; The verbs (aka HTTP methods) listed here are used for publishing
; content to an IIS server via WebDAV.
;
; Note that these entries are effective if "UseAllowVerbs=0"
; is set in the [Options] section above.
;
;PROPFIND
;PROPPATCH
;MKCOL
;DELETE
;PUT
;COPY
;MOVE
;LOCK
;UNLOCK
;OPTIONS
;SEARCH
TRACE
TRACK
[DenyHeaders]
;
; The following request headers alter processing of a
; request by causing the server to process the request
; as if it were intended to be a WebDAV request, instead
; of a request to retrieve a resource.
;
Translate:
If:
Lock-Token:
Transfer-Encoding:
[AllowExtensions]
;
; Extensions listed here are commonly used on a typical IIS server.
;
; Note that these entries are effective if "UseAllowExtensions=1"
; is set in the [Options] section above.
;
.htm
.html
.txt
.jpg
.jpeg
.gif
[DenyExtensions]
;
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
;
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
;
; Also note that ASP scripts are denied with the below
; settings. If you wish to enable ASP, remove the
; following extensions from this list:
; .asp
; .cer
; .cdx
; .asa
;
; Deny ASP requests
; .asp
; .cer
; .cdx
; .asa
; Deny executables that could run on the server
; .exe
; .bat
; .cmd
; .com
; Deny infrequently used scripts
; .htw ; Maps to webhits.dll, part of Index Server
; .ida ; Maps to idq.dll, part of Index Server
; .idq ; Maps to idq.dll, part of Index Server
; .htr ; Maps to ism.dll, a legacy administrative tool
; .idc ; Maps to httpodbc.dll, a legacy database access tool
; .shtm ; Maps to ssinc.dll, for Server Side Includes
; .shtml ; Maps to ssinc.dll, for Server Side Includes
; .stm ; Maps to ssinc.dll, for Server Side Includes
; .printer ; Maps to msw3prt.dll, for Internet Printing Services
; Deny various static files
; .ini ; Configuration files
; .log ; Log files
; .pol ; Policy files
; .dat ; Configuration files
[DenyUrlSequences]
; .. ; Don't allow directory traversals
; ./ ; Don't allow trailing dot on a directory name
; \ ; Don't allow backslashes in URL
; : ; Don't allow alternate stream access
; % ; Don't allow escaping after normalization
; & ; Don't allow multiple CGI processes to run on a single request
- Next message: Gary: "New SSL Certificate is invalid after uninstalling Certificate Server"
- Previous message: Steve S.: "Re: probllems accessing internet after loading Service Pack2"
- In reply to: io.com: "About http method trace track options in IIS4"
- Next in thread: io.com: "Re: About http method trace track options in IIS4"
- Reply: io.com: "Re: About http method trace track options in IIS4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
