Re: Explicit Deny does not work, why?

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 16 Mar 2002 08:32:57 -0800

Hi Tom, Greg,

    Unfortunately, that's the choice you have to make:
1. server publishing allows you to maintain IP addresses in the IIS logs,
but can't help with URL filtering
2. web publishing offers great URL filtering but can't pass the original
source IP to the web server.

Your other choice is to use server publishing and install URLScan on the web
server:
http://www.microsoft.com/downloads/release.asp?releaseid=32571

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Greg Foulks" <greg.foulks@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, March 15, 2002 10:07 AM
Subject: [isalist] Re: Explicit Deny does not work, why?


http://www.ISAserver.org


So switching over to Web Publishing works and seems to stop those requests
from being logged.

Is there any way to stop these requests using Server Publishing? I need to
use server publishing so I can get detailed information about my visitors to
my site using Webtrends.

Thanks,

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, March 14, 2002 10:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Explicit Deny does not work, why?




Hi Jim,

We found out what the problem was. He is using Server Publishing Rules.

HTH,
Tom

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, March 14, 2002 8:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Explicit Deny does not work, why?



That's really a waste of your time.
If those requests are making it to your web server behind ISA, then you need
to reexamine your publishing technique.
Code Red and Nimda requests can only get to your web server if:
1. you use server publishing for web sites
2. your web-published sites use an "all requests" destination in the rule
Trying to deny those requests in the face of one (or both) of the above
conditions is fruitless.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Greg Foulks" <greg.foulks@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, March 13, 2002 8:57 AM
Subject: [isalist] Explicit Deny does not work, why?




I've created a series of deny paths (incoming and outgoing) to block any
Code Red attempts from coming into and out of our ISA server.

Please see the attached files:

1) Snapshot of the ISA server Destination Set and Content Rules.
http://www.nfti.com/screen_shot.htm

2) Below, a snapshot of our logs showing the requests are still being
passed.

Can anyone help to explain why the requests are still being allowed
through?

Thanks,

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005



Server (500 Series) Errors Detail

Error Code, Timestamp and URL                                          Occurrences  % of 5xx Errors
500  03/10/2002 05:09:53  /scripts/..\../winnt/system32/cmd.exe?/c+dir   1            10.00%
500  03/10/2002 05:09:54  /scripts/..\../winnt/system32/cmd.exe?/c+dir   3            30.00%
500  03/10/2002 05:09:54  /scripts/../../winnt/system32/cmd.exe?/c+dir   1            10.00%
500  03/10/2002 09:50:31  /scripts/..\../winnt/system32/cmd.exe?/c+dir   1            10.00%
500  03/10/2002 09:50:34  /scripts/../../winnt/system32/cmd.exe?/c+dir   1            10.00%
500  03/10/2002 09:50:34  /scripts/..\../winnt/system32/cmd.exe?/c+dir   3            30.00%
Total for Errors Above                                                 10           100.00%



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
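
The URL-level check this thread turns on (the kind a web publishing path rule or URLScan on the web server applies, and server publishing does not), sketched as an added example that is not part of the original messages and is not ISA Server or URLScan code. The deny lists, function names, and the encoded and benign sample URLs are assumptions; the first two URLs come from the report above.

```python
from urllib.parse import unquote

# Assumed deny lists for illustration; not copied from any product's defaults.
DENY_SEQUENCES = {"..": "dot-dot", "\\": "backslash"}
DENY_EXTENSIONS = {".exe", ".bat", ".cmd", ".com"}

# Constructed sample input. The first two URLs appear in the report above;
# the encoded variant and the benign URL are made up for contrast.
SAMPLE_URLS = [
    r"/scripts/..\../winnt/system32/cmd.exe?/c+dir",
    "/scripts/../../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%5c../winnt/system32/cmd.exe?/c+dir",
    "/products/index.asp?id=42",
]


def normalize(path, max_rounds=3):
    """Percent-decode until the path stops changing, then lowercase it.

    Matching must run on the decoded form, otherwise an encoded backslash
    or dot slips past a literal string comparison.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()


def check_url(url):
    """Return the reasons a filter would reject this URL (empty = allow)."""
    norm = normalize(url.split("?", 1)[0])
    reasons = [name for seq, name in DENY_SEQUENCES.items() if seq in norm]
    leaf = norm.replace("\\", "/").rsplit("/", 1)[-1]
    if "." in leaf and "." + leaf.rsplit(".", 1)[-1] in DENY_EXTENSIONS:
        reasons.append("ext:." + leaf.rsplit(".", 1)[-1])
    return reasons


def rejected(urls):
    """Map each rejected URL to its reasons; allowed URLs are omitted."""
    return {u: r for u in urls if (r := check_url(u))}


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(check_url(url) or "allow", url)
```

With server publishing the firewall forwards the connection without inspecting the request path, so a check of this kind has to run on the web server itself.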


