Re: Disable TRACE??
From: John Alderson (jalderson^at^adelphia^dot^net)
Date: 04/02/04
- Next message: Tony: "Help: process inetinfo.exe keeps enlarging, then IIS is dead"
- Previous message: Pat [MSFT]: "Re: Debug files to use for IISState"
- In reply to: Billy S: "Disable TRACE??"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 1 Apr 2004 20:40:30 -0500
"Billy S" <anonymous@discussions.microsoft.com> wrote in message
news:24F0CF38-0064-4B8C-8EEC-85E14ADAD106@microsoft.com...
> OK How do I disable the HTTP TRACE from IIS without running the lockdown
tool? When we run it, it kills 80% of the programs we run but yet the
stupid security people moan about some HTTP TRACE... Any suggestions?
>
> Billy S.
Hmm.... the security people are stupid but you can't figure out how to make
your applications work with the solid configuration that Lockdown provides?
You might want to rethink your philosophy...
In addition to what David said in using URLScan (which should be the
preferred approach), you can also disable the TRACE or DEBUG verb for
particular ISAPI mappings (such as for ASP). For production systems, I
would use this as a second layer of defense.
For IIS 5.0, open the Internet Services Manager and select Properties on the
Server object. Choose Edit for the WWW Properties.
Select the Home Directory tab and then the Configuration button. Under
application mappings, select Edit. Mappings should be using the "Limit To"
set of HTTP verbs. Delete TRACE or DEBUG (in the case of IIS 6.0) and save
the mapping. You'll want to do that for each mapping.
John Alderson
- Next message: Tony: "Help: process inetinfo.exe keeps enlarging, then IIS is dead"
- Previous message: Pat [MSFT]: "Re: Debug files to use for IISState"
- In reply to: Billy S: "Disable TRACE??"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
