URLSCAN 3.0 problem ("Invalid index.")



Hello:

I have URLSCAN 3.0 installed on a 32-bit Win2003+SP2 IIS server, and if the URLSCAN.INI file includes the following:

[RequestLimits]
; Max-Content-Type=100
MaxAllowedContentLength=30000000
MaxUrl=260
MaxQueryString=100

Then it works fine, but if I uncomment the Max-Content-Type line (or add any other Max-* request header lines) then URLSCAN rejects every single request with an "Invalid index" error message in the returned in HTML, and does so without logging anything to the URLSCAN.LOG file either.

Thanks,
RT



.



Relevant Pages

  • URLScan Update
    ... I have received a lot of feedback regarding my earlier post about URLScan. ... I opened a ticket with Microsoft support. ... I also invited him to present a scenario when an IIS server ... RejectResponseUrl or allow IIS to log the request ...
    (NT-Bugtraq)
  • Re: URLScan Rejects header "transfer-encoding:"
    ... URLScan may block this type of request. ... "I really did not want to reconfigure the URLScan just to accomodate a JDK ... cause vulnerabilities on your server. ... configuration as you see fit and we provide the information to do this. ...
    (microsoft.public.inetserver.iis.security)
  • URLScan detection
    ... Product: URLScan ... URLScan can be detected on IIS servers by the way it responds to HEAD ... When a bad URL is rewritten it is changed to the GET request type. ... Server: Microsoft-IIS/5.0 ...
    (Bugtraq)
  • Re: What is the URLScan Rejection Response?
    ... You can customize the response that UrlScan sends when it rejects a request. ... page contain your own custom code to run when UrlScan rejects a request. ... RejectResponseUrl in the UrlScan.doc file. ...
    (microsoft.public.inetserver.iis.security)
  • Re: About http method trace track options in IIS4
    ... I doubt URLScan will have any noticable affect on the performance of your ... "translate:" header because it sometimes causes lots of urlscan logging you ... request. ... of allowed parts of requests reaching the server. ...
    (microsoft.public.inetserver.iis.security)