Re: why request for cmd.exe had passed UrlScan.dll?

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 05/02/05

    Date: Mon, 2 May 2005 12:39:37 +1000
    
    

    Where is your URLScan.ini file? Your IIS logfile is showing a 404, which
    means that the request could have been rejected by URLScan. Can you show us
    how you have URLScan configured please? Thanks

    Cheers
    Ken

    -- 
    Blog: www.adopenstatic.com/cs/blogs/ken/
    Web: www.adopenstatic.com
    "Advertiser" <advertiser@VideoClassified.com> wrote in message 
    news:42740610$1_1@127.0.0.1...
    The below request for cmd.exe should not have reached IIS.
    Could somebody please tell me what setting in UrlScan.dll I am missing?
    This is what I've found in my WEB server log file:
    ++++++++++++++++++++++++++++++++++++++++++++++++++++
    #Software: Microsoft Internet Information Services 6.0
    #Version: 1.0
    #Date: 2005-04-30 03:45:40
    #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
    2005-04-30 04:06:31  GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 80 - 208.210.49.246 - 404 0 64
    2005-04-30 04:16:00  GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 80 - 208.210.49.246 - 404 0 64
    ++++++++++++++++++++++++++++++++++++++++++++++++++++
    And this is the corresponding section of UrlScan.dll LOG:
    [04-30-2005 - 04:05:17] ---------------- UrlScan.dll Initializing ----------------
    [04-30-2005 - 04:05:17] URLs will be normalized before analysis.
    [04-30-2005 - 04:05:17] URL normalization will be verified.
    [04-30-2005 - 04:05:17] URLs must contain only ANSI characters.
    [04-30-2005 - 04:05:17] URLs must not contain any dot except for the file extension.
    [04-30-2005 - 04:05:17] Requests with Content-Length exceeding 30000000 will be rejected.
    [04-30-2005 - 04:05:17] Requests with URL length exceeding 260 will be rejected.
    [04-30-2005 - 04:05:17] Requests with Query String length exceeding 2048 will be rejected.
    [04-30-2005 - 04:05:17] Only the following verbs will be allowed (case sensitive):
    [04-30-2005 - 04:05:17]  'GET'
    [04-30-2005 - 04:05:17]  'HEAD'
    [04-30-2005 - 04:05:17]  'POST'
    [04-30-2005 - 04:05:17] Only the following extensions will be allowed:
    [04-30-2005 - 04:05:17]  '.htm'
    [04-30-2005 - 04:05:17]  '.jpg'
    [04-30-2005 - 04:05:17]  '.gif'
    [04-30-2005 - 04:05:17]  '.aspx'
    [04-30-2005 - 04:05:17]  '.css'
    [04-30-2005 - 04:05:17]  '.'
    [04-30-2005 - 04:05:17]  '.zip'
    [04-30-2005 - 04:05:17]  '.ico'
    [04-30-2005 - 04:05:17] Requests containing the following headers will be rejected:
    [04-30-2005 - 04:05:17]  'translate:'
    [04-30-2005 - 04:05:17]  'if:'
    [04-30-2005 - 04:05:17]  'lock-token:'
    [04-30-2005 - 04:05:17]  'transfer-encoding:'
    [04-30-2005 - 04:05:17] Requests containing the following character sequences will be rejected:
    [04-30-2005 - 04:05:17]  '..'
    [04-30-2005 - 04:05:17]  './'
    [04-30-2005 - 04:05:17]  '\'
    [04-30-2005 - 04:05:17]  ':'
    [04-30-2005 - 04:05:17]  '%'
    [04-30-2005 - 04:05:17]  '&'
    [04-30-2005 - 04:05:17]  'xxx'
    [04-30-2005 - 04:05:17]  'xxx'
    [04-30-2005 - 04:26:19] ---------------- UrlScan.dll Terminating -----------------
    Regards, Aharon.
    VIDEO: mms://www.videoclassified.com/Pres1Movie30
    E-Mail: advertiser@videoclassified.com
    Phone: 647-212-1498
    WEB: http://www.videoclassified.com/
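
As an added example (not part of either poster's message and not UrlScan's own code), this Python model replays the first logged request against the rules listed in the UrlScan.dll initialization log above, to show which of them the URL breaks. The function names, the single percent-decoding pass used as "normalization", and reading '.' in the extension list as "no extension" are assumptions.

```python
from urllib.parse import unquote

# Rules copied from the UrlScan.dll initialization log quoted in the post.
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
ALLOWED_EXTENSIONS = {".htm", ".jpg", ".gif", ".aspx", ".css", ".", ".zip", ".ico"}
DENIED_SEQUENCES = ["..", "./", "\\", ":", "%", "&"]
MAX_URL_LENGTH = 260

# First IIS log entry from the post, with the wrapped line rejoined.
SAMPLE_LINE = ("2005-04-30 04:06:31  GET /scripts/..%5c%5c../winnt/system32/cmd.exe "
               "/c+dir 80 - 208.210.49.246 - 404 0 64")

def parse_iis_line(line):
    """Return (method, uri_stem, status) from one W3C extended log line."""
    tokens = line.split()
    # s-ip is absent from the posted lines, so find the verb by shape
    # instead of trusting the #Fields positions.
    i = next(n for n, t in enumerate(tokens) if t.isalpha() and t.isupper())
    return tokens[i], tokens[i + 1], int(tokens[-3])

def urlscan_violations(method, url):
    """List the rules from the quoted UrlScan log that this request breaks."""
    reasons = []
    normalized = unquote(url)  # assumption: normalization = one decode pass
    if method not in ALLOWED_VERBS:
        reasons.append("verb not allowed")
    if len(url) > MAX_URL_LENGTH:
        reasons.append("URL too long")
    if unquote(normalized) != normalized:
        reasons.append("normalization not stable (double encoding)")
    if normalized.count(".") > 1:
        reasons.append("dot outside file extension")
    name = normalized.replace("\\", "/").rsplit("/", 1)[-1]
    # assumption: '.' in the allowed list stands for "no extension"
    ext = "." + name.rsplit(".", 1)[1] if "." in name else "."
    if ext.lower() not in ALLOWED_EXTENSIONS:
        reasons.append("extension %s not allowed" % ext)
    reasons += ["denied sequence %r" % s for s in DENIED_SEQUENCES if s in normalized]
    return reasons

if __name__ == "__main__":
    method, stem, status = parse_iis_line(SAMPLE_LINE)
    print(status, stem)
    for reason in urlscan_violations(method, stem):
        print("  would be rejected:", reason)
```
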
    
