Re: Newbie to IIS 6

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 09/02/04 

Date: Thu, 02 Sep 2004 20:01:29 GMT

On Thu, 2 Sep 2004 06:26:46 -0600, "Frankster"
<Frank@REMOVEALLCAPSitcreek.com> wrote:

>Thank you David! I knew reports I read in this news group about how "It's
>all built in now" was probably too good to be true!
>
>Can I use the same version/config of URL scan that I was using with IIS5.1?

You want the latest version. Might also look at:

http://www.winnetmag.com/Article/ArticleID/39979/39979.html

Jeff

>"David Boyer" <nospam@nospam.com> wrote in message
>news:%23P8gv6JkEHA.536@TK2MSFTNGP11.phx.gbl...
>> IIS 6.0 provides some of the same functionality as URLScan and the IIS
>> Lockdown tool. IIS 6 already automatically disallows any application
>> extension that isn't explicitly granted, the IUSR account is heavily
>> restricted, etc. However, I still us URLScan for things like restricting
>> extensions, restricting http verbs, rejecting URLs with certain
>> characters, and for masking the server signature.
>>
>> "Frank" <FrankREMOVEALLCAPS@itcreek.com> wrote in message
>> news:FtGdnetm2ohVgKvcRVn-vA@giganews.com...
>>>I want to prevent recursion of directories for one thing (i.e ..\..\..\)
>>>and other malicious hacking attempts using SEARCH and other key verbs. As
>>>I said, like URL scan used to do. Also disallow execution of files like
>>>.bat .cmd, etc.
>>>
>>> -Frank
>>>
>>> "doug" <anonymous@discussions.microsoft.com> wrote in message
>>> news:087001c49022$9ada92c0$a401280a@phx.gbl...
>>>> If you tell us exactly what you want to do, we can
>>>> probably help.
>>>>
>>>> doug
>>>>>-----Original Message-----
>>>>>I have just upgraded my W2K/IIS5.1 setup to W2K3/IIS6.
>>>> Using host headers
>>>>>for a couple of websites on one IP. No probs. All is
>>>> well.
>>>>>
>>>>>I have heard that IIS6 includes the "URL Scan"
>>>> functionality that I was
>>>>>using for my IIS5.1 setup. Where do I go to adjust the
>>>> parameters?
>>>>>
>>>>>Thanks,
>>>>>
>>>>>-Frank
>>>>>
>>>>>
>>>>>.
>>>>>
>>>
>>>
>>
>>
>

Relevant Pages

  • Re: Trend C/S/M SMB on SBS2003
    ... INFO: Using URLScan on IIS ... > Since Trend Micro uses .exe to execute CGI, ... > I don't like the idea of allowing the extension ".exe" to run on my web ...
    (microsoft.public.inetserver.iis)
  • Re: Trend C/S/M SMB on SBS2003
    ... INFO: Using URLScan on IIS ... > Since Trend Micro uses .exe to execute CGI, ... > I don't like the idea of allowing the extension ".exe" to run on my web ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to download Excel Files after Running IIS Lockdown
    ... Are you really sure you added the extension to the correct place? ... Kristofer Gafvert - IIS MVP ... > Since doing so it is not possible to download Excel documents from the ... > This seems to indicate that URLScan is getting in the way, however, it ...
    (microsoft.public.inetserver.iis)
  • Re: URLScan for IIS
    ... Subject: URLScan for IIS ... >extension '', ... Extensions listed here are commonly used on a typical IIS server. ...
    (NT-Bugtraq)
  • Re: Newbie to IIS 6
    ... > IIS 6.0 provides some of the same functionality as URLScan and the IIS ... > extension that isn't explicitly granted, ... I still us URLScan for things like restricting ... > extensions, restricting http verbs, rejecting URLs with certain ...
    (microsoft.public.inetserver.iis)