IIS Server Security, security/access question

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> security/access question

by Chris » Tue, 29 Jul 2003 21:24:41 GMT

I have a bunch of IPs that are denied access to my server. For the most part
it works but.....
there are one or two IPs that are still able to have access to my system.
I've double checked the logs and then reentered them in the denied list but
they still are being allowed access. This is a win2k server all the latest
patches, etc..



Top

IIS Server Security >> security/access question

by Bernard » Wed, 30 Jul 2003 12:11:24 GMT


From IIS log, do the one / two IPs match with the one
you specify in the denied list ?

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...




part
but




Top

IIS Server Security >> security/access question

by Chris » Wed, 30 Jul 2003 20:28:53 GMT

yes. They match.

In fact I even deleted them and re-entered them on the list just to make
sure.





system.
latest



Top

security/access question

by Chris » Thu, 31 Jul 2003 20:09:21 GMT

Yes,
I did that when I first started noticing this. It's been going on for a
little over 2 months so I decided I've had enough and decided to ask someone
else.














Top

security/access question

by Bernard » Fri, 01 Aug 2003 11:37:59 GMT

Well, in this case, you might want to contact PSS.
I haven't experience myself. the IP restriction in IIS is pretty
robust.

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...




someone




make




denied
the



Top
Similar Threads

1. Access to cmd shell thru asp-security question 

Hi,

We have need to run server based .vbs files and other OS commands through
active server pages i.e...

Set oShell = Server.CreateObject("WScript.Shell")
oShell.Run("c:\somecmd.bat",,True)

Under Windows 2000 the EVERYONE group had read/execute rights against
cmd.exe. Under 2003 this has been removed and in order to get my .asp file
to execute the cmd shell I must grant the IUSR acct read/execute access to
cmd.exe on the web server.

Is there a better approach or "best practice" to properly secure my web
server and still be able to shell out to cmd.exe from asp?

Thanks for any insights!!!