troubleshooting Question

II6 7 equivalent of IIS 6 script mappings

Avatar of banjo1960
banjo1960Flag for United States of America asked on
Microsoft IIS Web Server
3 Comments2 Solutions1056 ViewsLast Modified:
I am responding to audit questions, and it appears they are using IIS 6 checks on my IIS 7 web server.  They are asking that "IIS file extensions which require server-side processing, but which have been deemed vulnerable, include .htr, .htw, .ida, .idc, .idq, .printer, .shtml, .shtm, .bat, .cmd and .stm. Requests to these file types can exploit a stack
buffer overflow weakness in the ism.dll, httpodbc.dll, and ssinc.dll."

They recommend recommend restricting these by making changes to "web service extensions" in IIS 6.  I am running IIS 7.

I know that IIS 7 is completely different than IIS 6.  Do I check "handler mappings" and "request filtering" in IIS 7 in order to accomplish  similar restrictions that still may be needed in IIS 7?
Join our community to see this answer!
Unlock 2 Answers and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros