Re: URL Scan on OWA
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 07/31/03
- Next message: Karl Levinson [x y] mvp: "Re: Strange ports open"
- Previous message: Lanwench [MVP - Exchange]: "Re: activation"
- In reply to: Björn Johansson: "URL Scan on OWA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 10:43:09 -0400
For any URLScan problem, generally you view the URLScan.log file and then
edit the URLSCAN.ini file and restart IIS. It's a good idea to repeat this
every so often, especially after first installing URLScan, to see if
legitimate requests are being blocked accidentally. See here for more info:
http://securityadmin.info/faq.htm#urlscan
"Björn Johansson" <bjornN0@$PAMjohansson.gs> wrote in message
news:OeCKjY0VDHA.1744@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> I've set up a OWA (front end) on our DMZ. The recommended template for OWA
> is used on URLScan.
>
> The problem is that it blocks URLs containing "&" and ".." signs. This is
> very disturbing for our users because many emails contains .. and "&" and
> ".." signs in subject line.
> Is there any workaround or tools to solve this problem without
comprimising
> security?
>
> According to last months logs there are no attempted attacks using "&" and
> ".." in URLs, just our users trying to access email containing the blocked
> sequences.
>
>
>
> Thanks in advance!
>
>
> /B.
>
>
- Next message: Karl Levinson [x y] mvp: "Re: Strange ports open"
- Previous message: Lanwench [MVP - Exchange]: "Re: activation"
- In reply to: Björn Johansson: "URL Scan on OWA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
