Re: URLScan 2.5 on the ISA Server 2000 Firewall
From: Bill Peng [MSFT] (v-bpeng_at_online.microsoft.com)
Date: 03/03/05
- Next message: Peter Svensson: "Re: NTBackup: Strange failure for part of backup"
- Previous message: Fec: "Re: VPN - what happens now"
- In reply to: Ralph G. Fisher: "Re: URLScan 2.5 on the ISA Server 2000 Firewall"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 03 Mar 2005 08:18:51 GMT
Hi Ralph,
Thank you for posting in the SBS newsgroup.
I understand the problem is: after you installed ISA FP 1 URLscan, OWA is
not working properly.
To solve the problem, you must manually edit the urlscan.ini file. To do so:
1. Go to %windir%\System32\Inetsrv\Urlscan folder.
2. Open Urlscan.ini file by notepad.
3. Under [DenyUrlSequences] section, change the original items to:
;.. ; Don't allow directory traversals
;./ ; Don't allow trailing dot on a directory name
;\ ; Don't allow backslashes in URL
;% ; Don't allow escaping after normalization
;& ; Don't allow multiple CGI processes to run on a single request
4. Save the modified urlscan.ini file.
5. Restart the Web Proxy and firewall services.
For detail info about Urlscan with OWA, please refer to the following
article:
IIS lockdown and URLscan configurations in an Exchange environment
http://support.microsoft.com/kb/309508/en-us
I hope the above info helps.
If you have any update, please feel free to let me know.
Bill Peng
MCSE 2000, MCDBA
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Reply-To: "Ralph G. Fisher" <RGFisher@rgf-consulting.com>
>From: "Ralph G. Fisher" <RGFisher@rgf-consulting.com>
>Subject: Re: URLScan 2.5 on the ISA Server 2000 Firewall
>Date: Wed, 2 Mar 2005 17:29:01 -0500
>Lines: 16
>Organization: RGF Consulting, LLC.
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>X-RFC2646: Format=Flowed; Response
>Message-ID: <evYQGd3HFHA.3500@TK2MSFTNGP14.phx.gbl>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: adsl-68-21-36-97.dsl.sfldmi.ameritech.net 68.21.36.97
>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTFEED02.phx.gbl!TK2MSFTNGP
08.phx.gbl!TK2MSFTNGP14.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:150914
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>
> Looking for information:
>
>Windows SBS 2003, ISA Server 2000 SP2 and FP1
>
>Protecting OWA Web Publishing Rule by using URLSan 2.5 on ISA Server 2000
>Firewall. Unable to view 50% of OWA legitimate E-Mails when URLSan is
>enabled. Are there any tweaks that can be made to the urlscan.ini file to
>allow finer control of E-Mails that should be allowed?
>
> Thanks,
>
> Ralph G. Fisher
>
>
>
>
- Next message: Peter Svensson: "Re: NTBackup: Strange failure for part of backup"
- Previous message: Fec: "Re: VPN - what happens now"
- In reply to: Ralph G. Fisher: "Re: URLScan 2.5 on the ISA Server 2000 Firewall"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
