Solved

IISLockdown

Posted on 2004-09-14
Last Modified: 2010-04-14
Once you've run IISLockdown, how do you run it again without losing any of the previous settings? My current configuration is denying use of Outlook Web Access from the Internet where the subject line has punctuation in it, i.e. ',' '.' etc.

I want to be able to allow these without affecting any other settings. I've had a look at the C:\WINDOWS\system32\inetsrv\oblt-log.log IISLockdown configuration file, but I'm not sure 1) what to add / remove, 2) whether I should be modifying the log file itself in this manner.
Question by:M_Andrews
9 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12054840
Don't you do this via the URLScan utility that comes with the lockdown wizard? When I wanted to change something like this, I only changed the INI file and reapplied the urlscan filter...
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12054844
The file is urlscan.ini.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12054850
0

Author Comment

by:M_Andrews
ID: 12062184
OK, thanks for that info.

I've had a look at the urlscan.ini file and the only bit that I can see that's relevant is this section:


[DenyUrlSequences]
..  ; Don't allow directory traversals
./  ; Don't allow trailing dot on a directory name
\   ; Don't allow backslashes in URL
:   ; Don't allow alternate stream access
%   ; Don't allow escaping after normalization
&   ; Don't allow multiple CGI processes to run on a single request


Would I be right in thinking that it's these (particularly the use of . and .., as people definitely use these in subject lines frequently)? If so, can I just remove them? Do I then have to do a restart on the webserver?

Thanks
0
 

Author Comment

by:M_Andrews
ID: 12062253
Actually, it looks like one of the main options might do it:

AllowDotInPath=0               ; if 1, allow dots that are not file extensions

I'll have to check and see. I found this ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod114.asp ) article more relevant for its general use, and one of the pitfalls it mentions is the use of '.' etc.
0
 

Author Comment

by:M_Andrews
ID: 12062438
OK, I changed the AllowDotInPath to 1 and also commented out the other two likely culprits:

..  ; Don't allow directory traversals
./  ; Don't allow trailing dot on a directory name

I then stopped and restarted IIS, but it still fails. Take a look at the two test emails I sent myself. The first test was just with the subject named 'Test':

https://removed-domain.com/exchange/ssladmin/Inbox/Test.EML?Cmd=open

This worked fine. I then sent another email with a dot appended to the end, i.e. a subject line of 'Test.', this produced this URL, which didn't work:

https://removed-domain.com/exchange/ssladmin/Inbox/Test%202..EML?Cmd=open

Should I have done something other than just stop / start the IIS to get the new settings in urlscan.ini to apply or am I totally shooting in the dark with these settings?




0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12064341
I think you have to rerun urlscan setup after having changed the ini. I'll get back to you in a few min..
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 750 total points
ID: 12064480
Ok..  also, go to \winnt\system32\inetsrv\urlscan\ and run urlscan.exe, it will update the rule.. also, in this folder, check the LOGS folder, and have a look at the log. It will tell you what is wrong... (what is getting blocked when you try an access)
0
 

Author Comment

by:M_Andrews
ID: 12177781
Re-running URLScan just overwrites the settings that I'd already modified. I ended up removing the lines below from the urlscan.ini file:

..  ; Don't allow directory traversals
./  ; Don't allow trailing dot on a directory name

and then restarted the server and this works fine now.

Thanks for your help Yan_west, your input certainly put me on the right path.
0
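The thread leaves two points implicit: why setting AllowDotInPath=1 alone did not unblock 'Test%202..EML' (the '..' entry in [DenyUrlSequences] still matches once the URL is decoded), and what protection is given up by deleting the '..' and './' lines. The following is an added example, not code from the thread or from URLScan: a small Python simulator of those two checks. The urlscan.ini text is constructed from the fragments quoted above, and the matching logic is a simplification of URLScan's documented behaviour as assumed here (the URL path is percent-decoded before scanning when NormalizeUrlBeforeScan=1, deny sequences are case-insensitive substring matches, and AllowDotInPath=0 rejects a path containing more than one '.'); the query string is ignored.

```python
"""Added example: simulate URLScan's [DenyUrlSequences] and AllowDotInPath checks
against the OWA URLs from the thread. The ini text and URLs below are constructed
from the fragments quoted in the thread; the matching rules are an assumed
simplification of URLScan's behaviour, not URLScan's own code."""
from urllib.parse import unquote, urlsplit

# Constructed ini fragment, pieced together from the lines quoted in the thread.
URLSCAN_INI_BEFORE = r"""
[options]
AllowDotInPath=0               ; if 1, allow dots that are not file extensions
NormalizeUrlBeforeScan=1

[DenyUrlSequences]
..  ; Don't allow directory traversals
./  ; Don't allow trailing dot on a directory name
\   ; Don't allow backslashes in URL
:   ; Don't allow alternate stream access
%   ; Don't allow escaping after normalization
&   ; Don't allow multiple CGI processes to run on a single request
"""

# URLs from the thread (the first worked, the second was blocked).
OK_URL = "https://removed-domain.com/exchange/ssladmin/Inbox/Test.EML?Cmd=open"
BAD_URL = "https://removed-domain.com/exchange/ssladmin/Inbox/Test%202..EML?Cmd=open"
# Constructed URL showing what the deleted '..' rule used to catch.
TRAVERSAL_URL = "https://removed-domain.com/exchange/../otherdir/file.txt"


def parse_urlscan_ini(text):
    """Parse the [options] keys and the [DenyUrlSequences] list; ';' starts a comment."""
    options, deny, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "options" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            options[key.lower()] = value
        elif section == "denyurlsequences":
            deny.append(line)
    return {"options": options, "deny": deny}


def check_url(url, cfg):
    """Return None if the request would pass, else the reason it is rejected."""
    path = urlsplit(url).path
    if cfg["options"].get("normalizeurlbeforescan", "1") == "1":
        path = unquote(path)  # assumed: %xx escapes are decoded before scanning
    lowered = path.lower()
    for seq in cfg["deny"]:  # assumed: case-insensitive substring match, in file order
        if seq.lower() in lowered:
            return f"DenyUrlSequences match: {seq!r}"
    if cfg["options"].get("allowdotinpath", "0") == "0" and path.count(".") > 1:
        return "AllowDotInPath=0: more than one '.' in path"
    return None


def apply_thread_fix(text):
    """Reproduce the author's final edit: AllowDotInPath=1, drop the '..' and './' lines."""
    out = []
    for line in text.splitlines():
        token = line.split(";", 1)[0].strip()
        if token in ("..", "./"):
            continue
        if token.lower().startswith("allowdotinpath="):
            line = "AllowDotInPath=1"
        out.append(line)
    return "\n".join(out)


# The intermediate state from the thread: only AllowDotInPath changed.
URLSCAN_INI_ALLOWDOT_ONLY = URLSCAN_INI_BEFORE.replace("AllowDotInPath=0", "AllowDotInPath=1")
URLSCAN_INI_AFTER = apply_thread_fix(URLSCAN_INI_BEFORE)


def summarize():
    """Run every URL through each configuration stage; returns {stage: {url: reason}}."""
    stages = {
        "before": parse_urlscan_ini(URLSCAN_INI_BEFORE),
        "allowdot_only": parse_urlscan_ini(URLSCAN_INI_ALLOWDOT_ONLY),
        "after": parse_urlscan_ini(URLSCAN_INI_AFTER),
    }
    return {stage: {u: check_url(u, cfg) for u in (OK_URL, BAD_URL, TRAVERSAL_URL)}
            for stage, cfg in stages.items()}


if __name__ == "__main__":
    for stage, results in summarize().items():
        print(f"== {stage} ==")
        for url, reason in results.items():
            print(f"  {urlsplit(url).path:45s} -> {reason or 'allowed'}")
```

The simulation reproduces the thread's observations: 'Test.EML' passes throughout, 'Test%202..EML' is still rejected by the '..' sequence after only AllowDotInPath is changed, and passes once the '..' and './' lines are removed. The third URL shows the trade-off of that removal: a path containing '/../' is no longer flagged by URLScan, so that check now rests on IIS's own canonicalisation and on the URLScan log (in the LOGS folder mentioned above) for visibility. Like the author, keep in mind that re-running urlscan.exe overwrites a hand-edited urlscan.ini.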
