RE: Access to one URL subdirectory
- From: "Alexander Rayborn" <alexander@xxxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 19 Nov 2001 09:49:56 -0600
Awesome. So they disable Microsoft's patches, eh? Nice work on their part (dripping sarcasm). Just out of curiousity, why would you want to enable directory traversal anyway? --Alexander > -----Original Message----- > From: Jim Locke [mailto:jim@xxxxxxxxxxxxxxxxxx] > Sent: Monday, November 19, 2001 9:36 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Access to one URL subdirectory > > > http://www.ISAserver.org > > > Don't use URLScan, I tired this. Here's what happened: > > Webserver had all the approp. patches to prevent the codered > & nimda and so on. Installed URLScan and made 1 change to > allow 'directory traversing'. Went for a qwk coffee, came > back 1/2 hour later to see NIMDA infecting server (running > packet sniffer) Called PSS, talked with several people, the > 'directory traversing' over-rode all previous patches. Their > fix for this: > > FORMAT C > > Jim..