How do I config URLSCAN to deny HTTP TRACE
From: Paul Kavanagh (pkavanagh_at_ntlworld.com)
Date: 01/28/04
- Previous message: Paul Kavanagh: "Re: L2TP/IPSec from XP client to Windows 2003 Server"
- Next in thread: Chris Weber: "Re: How do I config URLSCAN to deny HTTP TRACE"
- Reply: Chris Weber: "Re: How do I config URLSCAN to deny HTTP TRACE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Jan 2004 23:21:02 -0000
Did a security audit on my Outlook Web Access server today and one of the
high risk vulnerabilities found claimed I should use URLSCAN to deny HTTP
TRACE requests. How do I do this? I've downloaded urltrace but I can't make
head nor tail of it - seems to be an .ini file needs editing, but what do i
put in??
Thanks in advance,
Paul.
- Previous message: Paul Kavanagh: "Re: L2TP/IPSec from XP client to Windows 2003 Server"
- Next in thread: Chris Weber: "Re: How do I config URLSCAN to deny HTTP TRACE"
- Reply: Chris Weber: "Re: How do I config URLSCAN to deny HTTP TRACE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
