Avatar of Jay Newcome
Jay Newcome
Flag for United States of America asked on

IIS error - CISCO SECURITY?

I have a strange IIS error.  Running IIS web server, Win 2003. One web page on my server, announcements.asp, gives an error screen (see attached screen shot).  If I rename or copy the file to: test2.asp, the webpage opens way it always has...  

I am stumped - any ideas as to why this would suddenly happen or where I should look to clear this up?  It does not appear to deliver a payload, and I have scanned for virus and malware with no hits... The server is running slow, so I am suspicious something is amiss, but I am not seeing an error...  No other pages on my server are doing this that I can see... No changes in permissions either...

GRRRRrrr.  Any help is apprecaited!
error-screen.pdf
Microsoft IIS Web ServerVulnerabilities

Avatar of undefined
Last Comment
Jay Newcome

8/22/2022 - Mon
Jay Newcome

ASKER
I checked the weblog on the server, it appears to be delivering the pages the same:

2013-01-07 02:18:20 W3SVC1 10.70.24.2 GET /brown/announcements.asp - 80 - 173.88.253.196

2013-01-07 02:18:26 W3SVC1 10.70.24.2 GET /brown/test2.asp - 80 - 173.88.253.196
Dirk Kotte

there are a cisco device or software with contentfilter.
this device or softwarte has classified the page (or the part with "announcements.asp") as google/search-engine. And it is configured to block this category.

you have to configure this device to not block this page...
also the most vendors use databeses with site-/page-classifications, possible your page are within the false category.

which cisco solution do you use?
Jay Newcome

ASKER
That is the rub - I don't use a Cisco Web security device...  We are a K12 school district and I do have filtering and firewall, but neither is a Cisco device... So now I am wondering if there is one downstream from me.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
SOLUTION
Dirk Kotte

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Dirk Kotte

ok, every time i open the page i can see another reason (Application/Category)
The error occurs if you try to open the page at the server directly also?
if so, you have something within the IIS- ASP- engine, the ISAPI filter ...
... now i understand your question :-)
Jay Newcome

ASKER
I looked at the ASP and the web server pretty hard before posting as I thought that was the issue too, but did not find anything there.  Likewise, a virus scan and malware scan did not bring up anything...

I think our ISP has CISCO filtering. I am waiting on call back.  I do not have any filtering using any of my cisco products...  

If I rename the file, it delivers fine.  It works on the server itself, and if I access from within my network (using any file name), the file is delivered fine (which really points me towards this being something outside of our network/control).
Dirk Kotte

renaming the page is not an option?

you can try to capture the send content (possible send to me) to check your webserver send the correct content .... while i see the error-page.

tell me if you need this - or more infos about how.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Dirk Kotte

other announcements.ASP pages from this server have the same error
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
btan

also saw cisco has scansafe in its portfolio, hopefully not its doing as it also looks at URL reputation

http://www.scansafe.com/deployment
http://www.cisco.com/en/US/products/ps12828/serv_group_home.html
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Jay Newcome

ASKER
I picked my answer as a solution because it documents what is really happening to us.  That said, the posts from the contributing experts were invaluable for me to fully understand the problem, ID and pinpoint the responsible party and force the resolution and I belive that these posts will help others who may find this issue.  Thank you again!!!!!
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23