IIS Server Security - Allow extension in the urlscan

Author

Allow extension in the urlscan

eyalgross

2004-08-18, 7:52 am

In our site we are use extension like html#k1,html#avoda,html#ke .

The parameters after the # are changed .

How i can enable this extensions group on the urlscan.

Thanks,

Eyal.

Dave

2004-08-18, 7:52 am

after the # is an anchor point reference in the page, urlscan hopefully
doesn't consider that part of the file extension.

"eyalgross" <EYAL_G@HILAN.CO.IL> wrote in message
news:3bd59a76.0408180301.50df9a8d@posting.google.com...
> In our site we are use extension like html#k1,html#avoda,html#ke .
>
> The parameters after the # are changed .
>
> How i can enable this extensions group on the urlscan.
>
> Thanks,
>
> Eyal.

Eyal Gross

2004-08-18, 7:52 am

The # is shown as part of the extension.

The log that i get is :

URL contains extension '.htm#avoda', which is not specifically allowed.
Request will be rejected. Site Instance='3', Raw
URL='/Moked_Yeda_Lesachar/Laws.htm#avoda'

Eyal.

*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!

Roger Abell [MVP]

2004-08-22, 6:05 pm

You could alway change over to use of denied extensions list
instead of the allowed extensions processing you now have in
use. Given URLscan is seeing htm#anything as an extension,
it is hard to see how you could find another solution.

--
Roger
"Eyal Gross" <eyal_g@hilan.co.il> wrote in message
news:eOR1CnRhEHA.384@TK2MSFTNGP10.phx.gbl...
>
>
> The # is shown as part of the extension.
>
> The log that i get is :
>
> URL contains extension '.htm#avoda', which is not specifically allowed.
> Request will be rejected. Site Instance='3', Raw
> URL='/Moked_Yeda_Lesachar/Laws.htm#avoda'
>
> Eyal.
>
> *** Sent via Developersdex http://www.codecomments.com ***
> Don't just participate in USENET...get rewarded for it!