IIS Server Security >> FrontPage Counter

by -Draino- » Sun, 12 Oct 2003 22:46:06 GMT

Hi all,

I am using IIS5.1. I have used the lockdown tool and URL Scan 2.5. For some
reason I can't get the FrontPage counter to show on my local host. My
urlscan.ini file has been edited like so:


[AllowExtensions]

.asp
.cer
.cdx
.asa
.htm
.html
.txt
.jpg
.jpeg
.gif

[DenyExtensions]

;.exe
.bat
.cmd
.com
.htw ; Maps to webhits.dll, part of Index Server
.ida ; Maps to idq.dll, part of Index Server
.idq ; Maps to idq.dll, part of Index Server
.htr ; Maps to ism.dll, a legacy administrative tool
.idc ; Maps to httpodbc.dll, a legacy database access tool
.shtm ; Maps to ssinc.dll, for Server Side Includes
.shtml ; Maps to ssinc.dll, for Server Side Includes
.stm ; Maps to ssinc.dll, for Server Side Includes
;.printer ; Maps to msw3prt.dll, for Internet Printing Services
.ini ; Configuration files
.log ; Log files
.pol ; Policy files
.dat ; Configuration files

[DenyUrlSequences]

.. ; Don't allow directory traversals
./ ; Don't allow trailing dot on a directory name
\ ; Don't allow backslashes in URL
: ; Don't allow alternate stream access
% ; Don't allow escaping after normalization
& ; Don't allow multiple CGI processes to run on a single request
/fpdb/ ; Don't allow browse access to FrontPage database files
/_private ; Don't allow FrontPage private files (often form results)
/_vti_pvt ; Don't allow FrontPage Web configuration files
/_vti_cnf ; Don't allow FrontPage metadata files
/_vti_txt ; Don't allow FrontPage text catalogs and indices
/_vti_log ; Don't allow FrontPage authoring log files


No matter how I change the .exe part I still get the same error in the log
files:

[10-12-2003 - 10:37:40] Client at 192.168.2.2: URL contains '.' in the path. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/fpcount.exe/'

I'm guessing it's just a matter of how to comment out the right line but I
have tried every which way for the .exe part and nothing works. I shut down
and restart IIS for every change and nothing helps.

Any ideas?

D




by Bernard » Mon, 13 Oct 2003 12:24:10 GMT


What's the value of UseAllowExtensions?
If it's 0, it will use the [DenyExtensions]; if
1 then [AllowExtensions] will be used.

Verify this and save the ini file, restart IIS service,
try again, check the log and see if it's being blocked again.

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...


by -Draino- » Tue, 14 Oct 2003 04:17:48 GMT

This is what it is:

UseAllowVerbs=1 ; if 1, use [AllowVerbs] section, else use [DenyVerbs] section
UseAllowExtensions=0 ; if 1, use [AllowExtensions] section, else use [DenyExtensions] section
NormalizeUrlBeforeScan=1 ; if 1, canonicalize URL before processing
VerifyNormalization=1 ; if 1, canonicalize URL twice and reject request if a change occurs
AllowHighBitCharacters=0 ; if 1, allow high bit (ie. UTF8 or MBCS) characters in URL
AllowDotInPath=0 ; if 1, allow dots that are not file extensions
EnableLogging=1 ; if 1, log UrlScan activity
PerDayLogging=1 ; if 1, UrlScan will produce a new log each day with activity in the form UrlScan.010101.log
PerProcessLogging=0 ; if 1, the UrlScan.log filename will contain a PID (ie. UrlScan.123.log)
RemoveServerHeader=0 ; if 1, remove "Server" header from response
AlternateServerName=
UseFastPathReject=0 ; If 1, then UrlScan will not use the RejectResponseUrl or allow IIS to log the request
LogLongUrls=0 ; If 1, then up to 128K per request can be logged. If 0, then only 1k is allowed.
RejectResponseUrl= ; UrlScan will send rejected requests to the URL specified here. Default is /<Rejected-by-UrlScan>
AllowLateScanning=1


D


by Bernard » Tue, 14 Oct 2003 11:29:05 GMT

Remove the entire .exe line in the [denyextensions],
save the ini, restart IIS, retest again, recheck urlscanxxxx.log

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...


by -Draino- » Tue, 14 Oct 2003 11:57:42 GMT

Didn't work

D


by Bernard » Tue, 14 Oct 2003 12:05:49 GMT

Post your urlscan log entries here...

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...


by -Draino- » Wed, 15 Oct 2003 08:27:48 GMT


[10-14-2003 - 20:16:38] ---------------- Initializing UrlScan.log ----------------
[10-14-2003 - 20:16:38] -- Filter initialization time: [10-14-2003 - 20:16:38] --
[10-14-2003 - 20:16:38] ---------------- UrlScan.dll Initializing ----------------
[10-14-2003 - 20:16:38] UrlScan will return the following URL for rejected requests: "/<Rejected-By-UrlScan>"
[10-14-2003 - 20:16:38] URLs will be normalized before analysis.
[10-14-2003 - 20:16:38] URL normalization will be verified.
[10-14-2003 - 20:16:38] URLs must contain only ANSI characters.
[10-14-2003 - 20:16:38] URLs must not contain any dot except for the file extension.
[10-14-2003 - 20:16:38] Requests with Content-Length exceeding 30000000 will be rejected.
[10-14-2003 - 20:16:38] Requests with URL length exceeding 16384 will be rejected.
[10-14-2003 - 20:16:38] Requests with Query String length exceeding 4096 will be rejected.
[10-14-2003 - 20:16:38] Only the following verbs will be allowed (case sensitive):
[10-14-2003 - 20:16:38] 'GET'
[10-14-2003 - 20:16:38] 'HEAD'
[10-14-2003 - 20:16:38] 'POST'
[10-14-2003 - 20:16:38] 'OPTIONS'
[10-14-2003 - 20:16:38] Requests for following extensions will be rejected:
[10-14-2003 - 20:16:38] '.bat'
[10-14-2003 - 20:16:38] '.cmd'
[10-14-2003 - 20:16:38] '.com'
[10-14-2003 - 20:16:38] '.htw'
[10-14-2003 - 20:16:38] '.ida'
[10-14-2003 - 20:16:38] '.idq'
[10-14-2003 - 20:16:38] '.htr'
[10-14-2003 - 20:16:38] '.idc'
[10-14-2003 - 20:16:38] '.shtm'
[10-14-2003 - 20:16:38] '.shtml'
[10-14-2003 - 20:16:38] '.stm'
[10-14-2003 - 20:16:38] '.ini'
[10-14-2003 - 20:16:38] '.log'
[10-14-2003 - 20:16:38] '.pol'
[10-14-2003 - 20:16:38] '.dat'
[10-14-2003 - 20:16:38] Requests containing the following headers will be rejected:
[10-14-2003 - 20:16:38] 'if:'
[10-14-2003 - 20:16:38] 'lock-token:'
[10-14-2003 - 20:16:38] 'transfer-encoding:'
[10-14-2003 - 20:16:38] Requests containing the following character sequences will be rejected:
[10-14-2003 - 20:16:38] '..'
[10-14-2003 - 20:16:38] './'
[10-14-2003 - 20:16:38] '\'
[10-14-2003 - 20:16:38] ':'
[10-14-2003 - 20:16:38] '%'
[10-14-2003 - 20:16:38] '&'
[10-14-2003 - 20:16:38] '/fpdb/'
[10-14-2003 - 20:16:38] '/_private'
[10-14-2003 - 20:16:38] '/_vti_pvt'
[10-14-2003 - 20:16:38] '/_vti_cnf'
[10-14-2003 - 20:16:38] '/_vti_txt'
[10-14-2003 - 20:16:38] '/_vti_log'
[10-14-2003 - 20:26:48] Client at 192.168.2.2: URL contains '.' in the path. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/fpcount.exe/'




D


by Bernard » Wed, 15 Oct 2003 14:08:54 GMT

=> URL contains '.' in the path. Request will be rejected.

Change the AllowDotInPath property in urlscan.ini

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...


by -Draino- » Thu, 16 Oct 2003 04:02:04 GMT

Thanks Bernard,

Could have sworn that I tried that before but anyway, that worked but I'm
not sure why. I understand the dot in path thing but it seems that it was
more of a Front Page counter thing with the .exe. Any idea how this affects
security?

Thanks again

D


by Bernard » Thu, 16 Oct 2003 18:49:57 GMT

I'm not familiar with fpcount.exe, but from the log,
as the URL is ending with /, URLScan takes it as a dot in the path.

This is detailed in this kb -
HOW TO: Use URLScan with FrontPage 2002
http://support.microsoft.com/?id=318290

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
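
Added example, not part of the thread and not UrlScan's own code: a simplified Python model of the two checks discussed above, showing why editing the .exe line in [DenyExtensions] never changed the logged rejection for '/_vti_bin/fpcount.exe/', and what the extension filter has to deal with once AllowDotInPath=1. Assumptions: the rule "a dot in any segment before the last '/' is a dot in the path" is inferred from the log line in the thread, and testing every dotted segment against the deny list is this example's own conservative choice.

```python
# Simplified model of two UrlScan checks; an illustration, not UrlScan's code.
# Deny list constructed from the [DenyExtensions] section posted in the thread.
DENY_EXTENSIONS = frozenset({
    ".bat", ".cmd", ".com", ".htw", ".ida", ".idq", ".htr", ".idc",
    ".shtm", ".shtml", ".stm", ".ini", ".log", ".pol", ".dat",
})


def split_segments(raw_url):
    """Drop the query string and return the path segments after the leading '/'."""
    path = raw_url.split("?", 1)[0]
    return path.split("/")[1:]


def evaluate(raw_url, allow_dot_in_path, deny_extensions=DENY_EXTENSIONS):
    """Return (allowed, reason) for a raw URL under the modelled settings."""
    segments = split_segments(raw_url)
    dotted = [(i, s) for i, s in enumerate(segments) if "." in s]
    # Assumption: a dot counts as "in the path" when its segment is not the last
    # one, which is the case for 'fpcount.exe' in '/_vti_bin/fpcount.exe/'.
    in_path = [s for i, s in dotted if i < len(segments) - 1]
    if in_path and not allow_dot_in_path:
        # This check fires before any extension list is consulted.
        return False, "URL contains '.' in the path"
    # With dots allowed in the path, more than one segment can look like the
    # file name, so this model tests every candidate extension.
    candidates = {"." + s.rsplit(".", 1)[1].lower() for _, s in dotted}
    denied = sorted(candidates & set(deny_extensions))
    if denied:
        return False, "extension %s is denied" % denied[0]
    if in_path:
        return True, "allowed; dot before last '/', candidates %s" % sorted(candidates)
    return True, "allowed"


if __name__ == "__main__":
    url = "/_vti_bin/fpcount.exe/"  # raw URL from the thread's log
    with_exe = DENY_EXTENSIONS | {".exe"}
    for allow_dot in (False, True):
        for name, deny in (("without .exe", DENY_EXTENSIONS), ("with .exe", with_exe)):
            print(allow_dot, name, evaluate(url, allow_dot, deny))
```

With AllowDotInPath=0 both deny lists give the same "dot in the path" result, matching the log; with AllowDotInPath=1 the outcome depends on which dotted segment the filter treats as the file name, which is the security trade-off of that setting.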