IIS Server Security, Lockdown and UrlScan

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> Lockdown and UrlScan

by UGVyY3k » Tue, 21 Sep 2004 08:29:08 GMT

After installing the above programs on IIS5, several things happened. We have
an application that executes as a DLL. That application no longer works.
Also, we have another application that executes as EXE (shopping cart) and it
has become very, very slow. Usually takes about .5 seconds to add an item to
a cart, now it takes about 11 seconds. I added the .exe extension to the
AllowExtension section but do not now what to do with the dll and the
performance issue.

Any help will be appreciated.

Percy

Top

IIS Server Security >> Lockdown and UrlScan

by Bernard » Tue, 21 Sep 2004 10:47:59 GMT


I don't think urlscan will 'affect' the server performance.
the overhead is small for its processing.

Now, if you still having problem after ulscan is installed.
look at the urlscan log file and customize the ini file.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/





have
it
to




Top
Similar Threads

1. IIS LockDown and URLScan issues

2. URLSCan and IIS Lockdown 

Windows 2003 + exchange 2003 is it need run the urlscan and iis lockdown or 
not need ?

3. SUS, OWA, Lockdown & URLScan

4. IIS Lockdown/URLScan - no .exe's 

Update - fixed my .asp problems by re-creating my site 
(that need them) as Front Page Webs.  Still having the 
problem with .exe's tho, if anyone has a helpful idea.

Thanks,

Sq

>-----Original Message-----
>Here's my problem - I'm running IIS 5 on a W2K server 
>(SP3) to serve an intranet site (inside the DMZ).
>
>On Friday (yes, yes, never do anything on Friday) I 
>downloaded teh IIS Lockdown/URLScan tools and set them 
>loose on the server.  Either I didn't read the Docs very 
>well, or didn't configure things correctly, as my server 
>started having probelms immediately thereafter.  
>Specifically, the server would not allow any .asp, 
>or .exe files.  I have found the exception that was 
>preventing those (in URLSCAN.ini), and a as a temporary 
>fix, I have just removed the urlscan.dll from the list 
of 
>ISAPI filters in the master site configuration.
>
>This allowed my to serve .asp pages (Some anyway), but I 
>am still unable to use any page which calls an .exe 
(from 
>the cgi-in folder).  Where else is this being 
>restricted?  Execute permissions seem to be set 
correctly 
>in IIS, (scripts and executables), and the permissions 
on 
>the cgi-bin folder on the site in question are correct.
>
>When I try to access an .exe, I get this page:
>---------------
>An internal error has occured on the server.
>
>Please contact an administrator.
>----------------
>
>Any ideas what else is stopping me here?  I also have a 
>few .asp sites that are not working (Error 500)...  I 
>have rolled back the IIS Lockdown settings (and have 
even 
>removed the app), but am still unable to get my .exe's 
to 
>run.
>
>Thanks much in advance for any suggestions, etc.
>
>Scottq
>.
>

5. REPOST: Does SBS 2003 automatically setup the IIS Lockdown tool and URLScan? - Windows Small Business Server(SBS)

6. urlscan

7. URLSCAN 2.5 and FP98

8. URLSCAN blocking MS IM with exchange 2k 

I have been trying to us Microsoft IM in house with our exchange2k server
and recently no users can authenticate to it...

I get an error in MSIM 2.2 and 5.0 that says:

Exchange Messaging Authentication Failure. The person logged onto this
computer does not have permission to use the specified e-mail address.
Please supply an email address and logon credentials for that address.

the W3SVC1 log shows:

2003-11-17 13:53:06 10.0.1.51 - 10.0.1.22 80 SUBSCRIBE
/instmsg/aliases/jqpublic 200 0 - -
2003-11-17 13:53:06 10.0.1.51 - 10.0.1.22 80 GET /<Rejected-By-UrlScan> 404
123 - -

the URLSCAN.ini has the appropriate allow verbs...
[AllowVerbs]

;
; Note that these entries are effective if "UseAllowVerbs=1"
; is set in the [Options] section above.
;

GET
HEAD
POST
;OPTIONS
SEARCH
POLL
PROPFIND
BMOVE
BCOPY
SUBSCRIBE
MOVE
PROPPATCH
BPROPPATCH
DELETE
BDELETE
MKCOL
UNSUBSCRIBE
SUBSCRIPTIONS
;COPY
;LOCK
;UNLOCK
;PUT
ACL
NOTIFY


so why am I getting shut down?

thanks in advance,

-timur