|
Home > Archive > IIS Server Security > November 2004 > IIS Reverse Lookup
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS Reverse Lookup
|
|
|
| Windows 2003/IIS6/Servlet ISAPI
I restrict directories on my web site by domain. Everything works fine
except when I provide users a url to a .jsp page that does an automatic
redirect to another .jsp page. Under this scenario, the reverse lookup is
not conducted on the initial URL (ncsa logs show only the IP) and users get
in no matter their domain.
Is there a fix for this (a flaw in IIS?)? Do I need to go through the ISAPI
provider? Thanks for any help.
| |
| Bernard 2004-11-10, 2:49 am |
| By default you can restrict access by domain name.
are you sure the IP logged match the domain name ? have you query (nslookup)
the domain and it does return the IP address ?
for this to works, the IIS server must able to perform a reverse DNS lookup,
make sure the DNS query traffics are not blocked.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Gary" <Gary@discussions.microsoft.com> wrote in message
news:56B03890-0034-4B7A-A430-C8F9A990F8F1@microsoft.com...
> Windows 2003/IIS6/Servlet ISAPI
>
> I restrict directories on my web site by domain. Everything works fine
> except when I provide users a url to a .jsp page that does an automatic
> redirect to another .jsp page. Under this scenario, the reverse lookup is
> not conducted on the initial URL (ncsa logs show only the IP) and users
get
> in no matter their domain.
>
> Is there a fix for this (a flaw in IIS?)? Do I need to go through the
ISAPI
> provider? Thanks for any help.
| |
|
| Bernard,
Thanks for the reply. I've verified and tested the functionality concerning
reverse lookups. I have various other directories that work fine. The only
directories that do NOT work are those with .jsp redirects as the user entry
page. I'm assuming the ISAPI filter is taking priority over the IIS reverse
lookup but I'm wondering if anyone knows of a fix or has seen this problem.
Thanks.
"Bernard" wrote:
> By default you can restrict access by domain name.
> are you sure the IP logged match the domain name ? have you query (nslookup)
> the domain and it does return the IP address ?
>
> for this to works, the IIS server must able to perform a reverse DNS lookup,
> make sure the DNS query traffics are not blocked.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Gary" <Gary@discussions.microsoft.com> wrote in message
> news:56B03890-0034-4B7A-A430-C8F9A990F8F1@microsoft.com...
> get
> ISAPI
>
>
>
| |
| Bernard 2004-11-12, 2:48 am |
| Hmm.. my understanding was request has to pass the inspection before
forwarding it to isapi...
maybe MS engineer can comment on this.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Gary" <Gary@discussions.microsoft.com> wrote in message
news:86377A82-22F3-487B-A116-08CD7CCCD477@microsoft.com...
> Bernard,
>
> Thanks for the reply. I've verified and tested the functionality
concerning
> reverse lookups. I have various other directories that work fine. The
only
> directories that do NOT work are those with .jsp redirects as the user
entry
> page. I'm assuming the ISAPI filter is taking priority over the IIS
reverse
> lookup but I'm wondering if anyone knows of a fix or has seen this
problem.[vbcol=seagreen]
> Thanks.
>
> "Bernard" wrote:
>
(nslookup)[vbcol=seagreen]
lookup,[vbcol=seagreen]
fine[vbcol=seagreen]
automatic[vbcol=seagreen]
lookup is[vbcol=seagreen]
users[vbcol=seagreen]
|
|
|
|
|