RE: Explicit Deny does not work, why?
- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 13 Mar 2002 13:39:37 -0600
Hi Greg,
I looked at 'em, or at least tried to. But the pix were so small I
couldn't' make any of them out.
Anyhow, Code Red can't get in unless:
1. You created a Destination Set and are publishing at www.worm.com
or
2. Unresolved requests for www are resolving to a published Destination
Set.
Hopefully, your logs are showing 404 errors for the requests.
HTH,
Tom
www.isaerver.org/shinder
-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Wednesday, March 13, 2002 12:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Explicit Deny does not work, why?
http://www.ISAserver.org
Well I see some of you have looked at the screen shots... anybody have
and clues why these requests are still getting through?
Thanks,
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005
-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Wednesday, March 13, 2002 11:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Explicit Deny does not work, why?
http://www.ISAserver.org
I've created a series of deny paths (incoming and outgoing) to block any
code red attempts from coming into and out of our ISA
server.
Please see the attached files
1) Snap shot of the ISA server Destination Set and Content Rules.
http://www.nfti.com/screen_shot.htm
2) Below A snap shot of our logs showing the requests are still being
passed.
Can anyone help to explain why the requests are still being allowed
through?
Thanks,
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005
Server (500 Series) Errors Detail
Error Code, Timestamp and URL Occurrences % of 5xx Errors
50003/10/2002 05:09:53/scripts/..\../winnt/system32/cmd.exe?/c+dir
1 10.00%
50003/10/2002 05:09:54/scripts/..\../winnt/system32/cmd.exe?/c+dir
3 30.00%
50003/10/2002 05:09:54/scripts/../../winnt/system32/cmd.exe?/c+dir
1 10.00%
50003/10/2002 09:50:31/scripts/..\../winnt/system32/cmd.exe?/c+dir
1 10.00%
50003/10/2002 09:50:34/scripts/../../winnt/system32/cmd.exe?/c+dir
1 10.00%
50003/10/2002 09:50:34/scripts/..\../winnt/system32/cmd.exe?/c+dir
3 30.00%
Total for Errors Above 10 100.00%
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
- » Explicit Deny does not work, why?
- » RE: Explicit Deny does not work, why?
- » RE: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
- » Re: Explicit Deny does not work, why?
