• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1251
  • Last Modified:

Configuring a timeout response instead of an error page such as 404?

Hi, I am wanting my Windows Server 2008 R2 IIS 7 installation to not respond at all when queried for a hostname it doesn't know instead of responding with any sort of error code. I don't even want to it to refuse the connection.. just time out! Is there a way to do this? Thanks for all your help!
0
milldarr
Asked:
milldarr
  • 4
  • 3
  • 2
  • +1
1 Solution
 
gaurav05Commented:
Hi ,

Check attached screen shot..

you need to set connection limit to 0 .. for default website..

After doings  this settings you will get 503 service unavailable page.


Let us know if you need more help..

Thanks
-Gaurav
ScreenShot002.bmp
ScreenShot005.bmp
0
 
Leon FesterCommented:
The 404 page code is a HTTP standard response code meaning that the server was contacted by the request resource/file cannot be found.

The only way you'll get around that is to create a custom 404 page.
But if you need to then read the following

http://ask.enquiro.com/2008/how-to-create-a-custom-404-error-page-in-microsoft-iis/
Personally I wouldn't recommend/agree with changing these pages.
Can you say why you want to change it?

http codes explained.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

I am wanting my Windows Server 2008 R2 IIS 7 installation to not respond at all when queried for a hostname it doesn't know instead of responding with any sort of error code.

Not sure how your server would be queried in the first place, in order for an HTTP request to reach your server would be if you had a DNS record for that site...just cleanup the DNS records.
0
 
btanExec ConsultantCommented:
This is another means for customisation. Check out the configuration/sample code section
http://www.iis.net/ConfigReference/system.webServer/httpErrors

Or maybe even
>> "defaultResponseMode" - Using "ExecuteURL" to serve dynamic content, for example, a .asp file for the custom error.
>> "detailedMoreInformationLink" - Specifies a link, shown at the bottom of the page, to a page with more detailed information about a particular error. You can use this property to point end users to a custom location for error information.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
milldarrAuthor Commented:
Sorry, those answers are still having my server respond with something. I want absolutely no TCP response (no ACK, no RST, nothing) when queried. I understand I could remove the DNS entries, but what if someone types in the IP of the server? Such as: http://8.8.8.8. Then they still get a 404 or whatever. I wan't it to just sit there like 'Connecting to 8.8.8.8' ... but never get a response packet whatsoever. I want to do this for security reasons. The most secure server doesn't talk at all.. because any received packet can be analyzed to discover things about the server. Thanks for your help.
0
 
Leon FesterCommented:
If our answers are wrong then your question is wrong.

404 is a specific request that will only be returned by an HTTP server.

If you want to block every open port on your server, then setup a firewall or even enable on on the PC itself and block everything.

Security best practises suggests that you only open the ports that you need, so decide what services this server is offering on the network and open the ports accordingly.

If you want to block pings to the server - disable icmp,
Stop HTTP responses -  don't install an http server, any hacker/hacking tool knows http servers listen on port 80 by default.

But then a port scan on any IP address will run through ALL the possible ports and listen for a response, based on the ports that answer they "attacker" if he is worth his salt should be able to identify the type of server that is configured on that IP.

If this server has IIS installed, then won't be able to stop anybody from connecting to your server since you need to be listening on some port in order to service the valid requests.
0
 
Leon FesterCommented:
Check out the free scan from http://www.grc.com.
It should show you which ports are open to the Internet if that machine is internet connected
0
 
milldarrAuthor Commented:
I know how to do this on Apache.. it's just IIS I'm new to. Yes, an HTTP server usually listens on 80, but it doesn't have to respond when queried for a hostname it doesn't have. For all an attacker knows, I could be using 80 as a non-standard port for my Ventrilo server. It's only when they receive a 404 or an HTTP response that they know it's a web server. So just because I'm listening on 80 doesn't mean I'm a webserver.

Example:

GET / HTTP/1.1
Host: www.example.com

Oh wait, I don't host example.com

Time to shutup!

Instead of saying..

Oh wait, I don't host example.com.. let me tell them I don't, and that I'm a webserver. 404!

It's okay.. I think I'm confusing some of you. I will give you all the accepted solution as I truly appreciate the help. I think if you really want to be secure you've got to stick with Apache! Thanks again.
0
 
btanExec ConsultantCommented:
Maybe this URL rewrite can helped if we use "AbortRequest" as Rule actionto drop the request @ http://learn.iis.net/page.aspx/499/request-blocking---rule-template/
0
 
milldarrAuthor Commented:
WOW thank you so much bread! That is exactly what I needed! Applause!
0
 
milldarrAuthor Commented:
Answered question first post while many others were confused/oblivious! Bravo!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now