IIS Server Security - URLSCAN & FrontPage2003 on WIN2000 Server

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > February 2004 > URLSCAN & FrontPage2003 on WIN2000 Server





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author URLSCAN & FrontPage2003 on WIN2000 Server
David Martin

2004-02-21, 6:34 am

I have URLSCAN setup as per KB article 307608.
What the article does not mention is that some FrontPage functionality will
be lost - for example :

[02-21-2004 - 19:01:17] Client at 192.168.0.4: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/Pontacq/_vti_bin/fpcount.exe/Pontacq/'

Is there any way to allow specific exe's rather than open the door to
potentially all ?

David.


Jonathan Maltz [MS-MVP]

2004-02-21, 9:34 am

Hi David,

That is a limitation of UrlScan, unfortunately. It's all or nothing

--
--Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out
here
Only reply by newsgroup. I do not do technical support via email. Any
emails I have not authorized are deleted before I see them.


"David Martin" <David.Martin@skill-it.com> wrote in message
news:%23S1rwXL%23DHA.132@TK2MSFTNGP09.phx.gbl...
> I have URLSCAN setup as per KB article 307608.
> What the article does not mention is that some FrontPage functionality
will
> be lost - for example :
>
> [02-21-2004 - 19:01:17] Client at 192.168.0.4: URL contains extension
> '.exe', which is disallowed. Request will be rejected. Site Instance='1',
> Raw URL='/Pontacq/_vti_bin/fpcount.exe/Pontacq/'
>
> Is there any way to allow specific exe's rather than open the door to
> potentially all ?
>
> David.
>
>


David Wang [Msft]

2004-02-21, 6:33 pm

> Is there any way to allow specific exe's rather than open the door
> to potentially all ?

Not with IIS5/5.1. It is technically impossible to implement what you are
asking without modifying IIS5/5.1 directly.

IIS6 natively does this, with better granularity than URLScan.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"David Martin" <David.Martin@skill-it.com> wrote in message
news:%23S1rwXL%23DHA.132@TK2MSFTNGP09.phx.gbl...
I have URLSCAN setup as per KB article 307608.
What the article does not mention is that some FrontPage functionality will
be lost - for example :

[02-21-2004 - 19:01:17] Client at 192.168.0.4: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/Pontacq/_vti_bin/fpcount.exe/Pontacq/'

Is there any way to allow specific exe's rather than open the door to
potentially all ?

David.



Jonathan Maltz [MS-MVP]

2004-02-21, 7:33 pm

Hi David,

If there are 2 EXEs in a folder served by IIS 6, you can make it so only one
is downloadable?

--
--Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out
here
Only reply by newsgroup. I do not do technical support via email. Any
emails I have not authorized are deleted before I see them.


"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:ukDU1rR%23DHA.1632@TK2MSFTNGP12.phx.gbl...
>
> Not with IIS5/5.1. It is technically impossible to implement what you are
> asking without modifying IIS5/5.1 directly.
>
> IIS6 natively does this, with better granularity than URLScan.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "David Martin" <David.Martin@skill-it.com> wrote in message
> news:%23S1rwXL%23DHA.132@TK2MSFTNGP09.phx.gbl...
> I have URLSCAN setup as per KB article 307608.
> What the article does not mention is that some FrontPage functionality
will
> be lost - for example :
>
> [02-21-2004 - 19:01:17] Client at 192.168.0.4: URL contains extension
> '.exe', which is disallowed. Request will be rejected. Site Instance='1',
> Raw URL='/Pontacq/_vti_bin/fpcount.exe/Pontacq/'
>
> Is there any way to allow specific exe's rather than open the door to
> potentially all ?
>
> David.
>
>
>


David Martin

2004-02-21, 11:34 pm

O well, What does anyone think of the following :
1. Remove .exe from [DenyExtensions]
2. Modify security settings for counters to read/write for the IISuser.
3.. Add the following [DenyUrlSequences]
cmd.exe
winnt
system

Now I know that these sequences should not be reachable anyway - but my logs
show that is exactly what is attempted.

Dave.

p.s.- This is what worries me (a spammer I have upset I think with my very
prompt spamcop reporting.

[02-11-2004 - 11:06:12] ---------------- Initializing
UrlScan.log ----------------
[02-11-2004 - 11:06:12] -- Filter initialization time: [02-03-2004 -
03:07:02] --
[02-11-2004 - 11:06:12] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/MSADC/root.exe'
[02-11-2004 - 11:06:12] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe'
[02-11-2004 - 11:06:13] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:13] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe'
[02-11-2004 - 11:06:14] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:14] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe'
[02-11-2004 - 11:06:14] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:15] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe'
[02-11-2004 - 11:06:15] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:16] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:16] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system3
2/cmd.exe'
[02-11-2004 - 11:06:17] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:17] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../win
nt/system32/cmd.exe'
[02-11-2004 - 11:06:17] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:18] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:18] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd
..exe'
[02-11-2004 - 11:06:19] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:19] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.
exe'
[02-11-2004 - 11:06:20] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd
..exe'
[02-11-2004 - 11:06:20] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd
..exe'
[02-11-2004 - 11:06:20] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cm
d.exe'
[02-11-2004 - 11:06:21] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/c/winnt/system32/cmd.exe'
[02-11-2004 - 11:06:21] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.e
xe'
[02-11-2004 - 11:06:22] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.
exe'
[02-11-2004 - 11:06:22] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/d/winnt/system32/cmd.exe'
[02-11-2004 - 11:06:23] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd
..exe'
[02-11-2004 - 11:06:23] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cm
d.exe'
[02-11-2004 - 11:06:23] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msaDC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe'
[02-11-2004 - 11:06:24] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:24] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msaDC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.e
xe'
[02-11-2004 - 11:06:25] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msaDC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:25] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:26] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:26] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.e
xe'
[02-11-2004 - 11:06:27] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe
'
[02-11-2004 - 11:06:27] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:27] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:28] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../win
nt/system32/cmd.exe'
[02-11-2004 - 11:06:28] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:29] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/msadc/..%c1%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:29] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:30] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/msadc/..%c1%pc../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:30] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe
'
[02-11-2004 - 11:06:30] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/msadc/..%e0%80%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:31] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/msadc/..%f0%80%80%af../..%f0%80%80%af../..%f0%80%80%af../winnt/system3
2/cmd.exe'
[02-11-2004 - 11:06:31] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/msadc/..%f0%80%80%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:32] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/msadc/..%f8%80%80%80%af../..%f8%80%80%80%af../..%f8%80%80%80%af../winn
t/system32/cmd.exe'
[02-11-2004 - 11:06:32] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/msadc/..%f8%80%80%80%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:33] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.e
xe'
[02-11-2004 - 11:06:33] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.
exe'
[02-11-2004 - 11:06:34] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts..%c1%9c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:34] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/.%252e/.%252e/winnt/system32/cmd.exe'
[02-11-2004 - 11:06:34] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%%35%63../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:35] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%%35c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:35] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%25%35%63../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:36] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:36] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%252f../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:37] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%255c%255c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:37] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%255c..%255cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:38] Client at 62.101.126.236: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%255c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:38] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:38] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:39] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe'
[02-11-2004 - 11:06:39] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c0%9v../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:40] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c0%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:40] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c0%qf../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:41] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c1%1c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:41] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c1%8s../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:41] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c1%9c../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:42] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c1%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:42] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%c1%pc../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:43] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%e0%80%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:43] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%f0%80%80%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:44] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:44] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe'
[02-11-2004 - 11:06:45] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw URL='/scripts/root.exe'
[02-11-2004 - 11:06:45] Client at 62.101.126.236: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
Raw
URL='/msadc/..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../..%fc%80%80%80%80%
af../winnt/system32/cmd.exe'
[02-11-2004 - 13:58:16] Client at 64.213.62.115: URL normalization was not
complete after one pass. Request will be rejected. Site Instance='1', Raw
URL='/scripts/..%255c%255c../winnt/system32/cmd.exe'

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:ukDU1rR%23DHA.1632@TK2MSFTNGP12.phx.gbl...
>
> Not with IIS5/5.1. It is technically impossible to implement what you are
> asking without modifying IIS5/5.1 directly.
>
> IIS6 natively does this, with better granularity than URLScan.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "David Martin" <David.Martin@skill-it.com> wrote in message
> news:%23S1rwXL%23DHA.132@TK2MSFTNGP09.phx.gbl...
> I have URLSCAN setup as per KB article 307608.
> What the article does not mention is that some FrontPage functionality
will
> be lost - for example :
>
> [02-21-2004 - 19:01:17] Client at 192.168.0.4: URL contains extension
> '.exe', which is disallowed. Request will be rejected. Site Instance='1',
> Raw URL='/Pontacq/_vti_bin/fpcount.exe/Pontacq/'
>
> Is there any way to allow specific exe's rather than open the door to
> potentially all ?
>
> David.
>
>
>


David Wang [Msft]

2004-02-22, 6:33 pm

Yes. AccessFlags has granularity down to per-URL, so you can set it at a
per-file level.

i.e. Suppose I have a download folder of EXEs that are pointed to by a vdir,
and I only want ONE of the EXEs in the folder to be executable via HTTP.
What I can do is set up the vdir to have Read but NO "Execute Permissions"
(so EXEs are downloaded by default), and then create a IIsWebFile for that
one EXE underneath the vdir (I don't see this in the UI, but I can modify
the metabase directly to do this) and set the IIsWebFile's AccessFlags
property value to be 517 "Scripts and Executables".

Now, when you retrieve URLs from this vdir, this one EXE is executed, but
everything else is downloaded.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
news:OcUlI7R%23DHA.4088@tk2msftngp13.phx.gbl...
Hi David,

If there are 2 EXEs in a folder served by IIS 6, you can make it so only one
is downloadable?

--
--Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out
here
Only reply by newsgroup. I do not do technical support via email. Any
emails I have not authorized are deleted before I see them.


"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:ukDU1rR%23DHA.1632@TK2MSFTNGP12.phx.gbl...
>
> Not with IIS5/5.1. It is technically impossible to implement what you are
> asking without modifying IIS5/5.1 directly.
>
> IIS6 natively does this, with better granularity than URLScan.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "David Martin" <David.Martin@skill-it.com> wrote in message
> news:%23S1rwXL%23DHA.132@TK2MSFTNGP09.phx.gbl...
> I have URLSCAN setup as per KB article 307608.
> What the article does not mention is that some FrontPage functionality
will
> be lost - for example :
>
> [02-21-2004 - 19:01:17] Client at 192.168.0.4: URL contains extension
> '.exe', which is disallowed. Request will be rejected. Site Instance='1',
> Raw URL='/Pontacq/_vti_bin/fpcount.exe/Pontacq/'
>
> Is there any way to allow specific exe's rather than open the door to
> potentially all ?
>
> David.
>
>
>



Jonathan Maltz [MS-MVP]

2004-02-23, 11:34 am

Wow, that's pretty interesting.

Thanks for the info,

--
--Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out
here
Only reply by newsgroup. I do not do technical support via email. Any
emails I have not authorized are deleted before I see them.


"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:eb4KO5d%23DHA.1672@TK2MSFTNGP12.phx.gbl...
> Yes. AccessFlags has granularity down to per-URL, so you can set it at a
> per-file level.
>
> i.e. Suppose I have a download folder of EXEs that are pointed to by a
vdir,
> and I only want ONE of the EXEs in the folder to be executable via HTTP.
> What I can do is set up the vdir to have Read but NO "Execute Permissions"
> (so EXEs are downloaded by default), and then create a IIsWebFile for that
> one EXE underneath the vdir (I don't see this in the UI, but I can modify
> the metabase directly to do this) and set the IIsWebFile's AccessFlags
> property value to be 517 "Scripts and Executables".
>
> Now, when you retrieve URLs from this vdir, this one EXE is executed, but
> everything else is downloaded.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
> news:OcUlI7R%23DHA.4088@tk2msftngp13.phx.gbl...
> Hi David,
>
> If there are 2 EXEs in a folder served by IIS 6, you can make it so only
one
> is downloadable?
>
> --
> --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
> http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
> tutorial site :-)
> http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find
out
> here
> Only reply by newsgroup. I do not do technical support via email. Any
> emails I have not authorized are deleted before I see them.
>
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:ukDU1rR%23DHA.1632@TK2MSFTNGP12.phx.gbl...
are[color=blue]
> rights.
> will
Instance='1',[color=blue]
>
>
>


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com