|
Home > Archive > IIS Server Security > August 2005 > URLScan log entries (help understanding)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
URLScan log entries (help understanding)
|
|
| John Jones 2005-08-05, 5:53 pm |
| Please forgive my ignorance. Can someone please explain "what kind of
request and why such a request" is being rejected. The following log entries
are in our "urlscan" log:
[08-05-2005 - 03:45:48] Client at 80.108.88.170: Sent verb 'PUT', which is
not specifically allowed. Request will be rejected.
[08-05-2005 - 05:29:40] Client at 136.234.47.108: Sent verb 'OPTIONS', which
is not specifically allowed. Request will be rejected.
[08-05-2005 - 09:06:05] Client at 65.173.140.105: Sent verb 'LOCK', which is
not specifically allowed. Request will be rejected.
[08-05-2005 - 09:06:21] Client at 65.173.140.105: Sent verb 'PROPFIND',
which is not specifically allowed. Request will be rejected.
[08-05-2005 - 09:13:03] Client at 80.108.88.170: Sent verb 'PUT', which is
not specifically allowed. Request will be rejected.
| |
|
| well, the PUT OPTIONS LOCK PROPFIND verbs are all locked out by default...
read the text info on urlscan and check the ini file sections [allowverbs]
and [denyverbs].
"John Jones" <John Jones@discussions.microsoft.com> wrote in message
news:6327CA2D-9EA5-4510-B9E1-74840B2AD108@microsoft.com...
> Please forgive my ignorance. Can someone please explain "what kind of
> request and why such a request" is being rejected. The following log
> entries
> are in our "urlscan" log:
>
> [08-05-2005 - 03:45:48] Client at 80.108.88.170: Sent verb 'PUT', which is
> not specifically allowed. Request will be rejected.
> [08-05-2005 - 05:29:40] Client at 136.234.47.108: Sent verb 'OPTIONS',
> which
> is not specifically allowed. Request will be rejected.
> [08-05-2005 - 09:06:05] Client at 65.173.140.105: Sent verb 'LOCK', which
> is
> not specifically allowed. Request will be rejected.
> [08-05-2005 - 09:06:21] Client at 65.173.140.105: Sent verb 'PROPFIND',
> which is not specifically allowed. Request will be rejected.
> [08-05-2005 - 09:13:03] Client at 80.108.88.170: Sent verb 'PUT', which is
> not specifically allowed. Request will be rejected.
| |
| David Wang [Msft] 2005-08-06, 2:48 am |
| 1. Read the documentation file that comes with URLScan installer itself.
2. Read the extra online documentation (
http://www.microsoft.com/technet/se...ls/urlscan.mspx )
3. Read urlscan.ini for comments
Depending on the UseAllowVerbs configuration, you either have:
0 = any verb in [DenyVerbs] section are denied. All else is allowed.
1 = only verbs in [AllowVerbs] section are allowed. All else is denied
Your log file suggests that UrlScan.ini contains UseAllowVerbs=1, so verbs
other than GET, HEAD, and POST are being rejected (the language of the
verbose log entry basically says this).
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"John Jones" <John Jones@discussions.microsoft.com> wrote in message
news:6327CA2D-9EA5-4510-B9E1-74840B2AD108@microsoft.com...
Please forgive my ignorance. Can someone please explain "what kind of
request and why such a request" is being rejected. The following log
entries
are in our "urlscan" log:
[08-05-2005 - 03:45:48] Client at 80.108.88.170: Sent verb 'PUT', which is
not specifically allowed. Request will be rejected.
[08-05-2005 - 05:29:40] Client at 136.234.47.108: Sent verb 'OPTIONS', which
is not specifically allowed. Request will be rejected.
[08-05-2005 - 09:06:05] Client at 65.173.140.105: Sent verb 'LOCK', which is
not specifically allowed. Request will be rejected.
[08-05-2005 - 09:06:21] Client at 65.173.140.105: Sent verb 'PROPFIND',
which is not specifically allowed. Request will be rejected.
[08-05-2005 - 09:13:03] Client at 80.108.88.170: Sent verb 'PUT', which is
not specifically allowed. Request will be rejected.
|
|
|
|
|