URLSCAN on IIS6 config

From: Mike D (anonymous_at_discussions.microsoft.com)
Date: 06/04/04


Date: Fri, 4 Jun 2004 07:25:22 -0700

Looks like I need a "." in the allow extensions settings
for the default document to run.

Mike

>-----Original Message-----
>I am having some problems getting URLScan 2.5 running
>properly on IIS6. I can't get the default doc to display
>unless it is written out in the url. If I remove urlscan
>from the server it is okay. The urlscan log looks like
>it is seeing a . in the url and rejecting the request;
>there is obviously no period in the url.
>
>Help please
>
>Mike
>
>
>http://ricweb3/default.asp output: Boo
>
>http://ricweb3/ output: The system cannot find the file
>specified.
>
>code in default.asp
><%
>response.write "Boo"
>%>
>
>----------------------------------------------------
>From urlscanlog:
>[06-04-2004 - 09:08:20] Client at xxx.xxx.xxx.xxx: URL
>contains extension '.', which is not specifically
>allowed.
>Request will be rejected. Site Instance='599050834', Raw
>URL='/'
>
>
>
>------------------------------------------------
>urlscan.ini settings
>UseAllowExtensions=1
>
>[AllowExtensions]
>;
>; Extensions listed here are commonly used on a typical IIS server.
>;
>; Note that these entries are effective if "UseAllowExtensions=1"
>; is set in the [Options] section above.
>;
>
>.htm
>.html
>.txt
>.jpg
>.jpeg
>.gif
>.asp
>------------------------------------------
>
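
Added example, not part of the original posts and not URLScan's own code: a simplified Python model of the allow-list check, showing why `/` is rejected with the posted settings and allowed once `.` is listed. The extension rule (an extensionless request is treated as `.`) is inferred from the log line above; the function names and the sample URLs are assumptions.

```python
# Added illustration: simplified model of URLScan's allow-list extension check.
# Not URLScan's code; the rule for extensionless URLs is inferred from the log line.

def allowed_extensions(ini_text):
    """Return the set of entries listed in the [AllowExtensions] section."""
    exts, section = set(), None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "allowextensions":
            exts.add(line.lower())
    return exts

def request_extension(raw_url):
    """Extension as the log reports it: '.' when the URL names no file extension."""
    path = raw_url.split("?", 1)[0]           # ignore the query string
    last = path.rsplit("/", 1)[-1]            # last path segment
    return "." + last.rsplit(".", 1)[1].lower() if "." in last else "."

def check(raw_url, exts):
    """Return (allowed, extension) for a raw URL against the allow list."""
    ext = request_extension(raw_url)
    return ext in exts, ext

# Constructed sample: the settings as posted, then with the "." entry added.
POSTED = """[AllowExtensions]
; Extensions listed here are commonly used on a typical IIS server.
.htm
.html
.txt
.jpg
.jpeg
.gif
.asp
"""
FIXED = POSTED + ".\n"

if __name__ == "__main__":
    for name, ini in (("posted", POSTED), ("with '.'", FIXED)):
        exts = allowed_extensions(ini)
        for url in ("/default.asp", "/", "/site.bak"):
            ok, ext = check(url, exts)
            print(f"{name:9} {url:13} ext={ext!r:7} {'allow' if ok else 'reject'}")
```

Listing `.` allows every extensionless request, not only the default document, so directory URLs pass this check as well.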


