[isapros] Re: HTTP Filtering for SharePoint

  • From: Jason Jones <Jason.Jones@xxxxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Tue, 8 Apr 2008 18:01:14 +0100

From looking at IAG, it appears that the only verbs used are: PROPFIND, 
OPTIONS, HEAD, POST, GET

From what I remember of SharePoint publishing in the past, it is recommended to 
ensure that 'Verify Normalization' and 'Block High Bit Chars' are DISABLED.

So, at the most basic level, I could use the following HTTP filter XML:

<Configuration BlockExecutables="false" ViaHeaderAction="0"
    NewViaHeaderValue="" ServerHeaderAction="0" NewServerHeaderValue=""
    MaxRequestBodyLen="-1">
  <UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false"
      AllowHighBitCharacters="true" BlockDotInPath="false"
      MaxLength="10240" MaxQueryLength="10240">
    <Extensions AllowCondition="0"></Extensions>
  </UrlValidation>
  <Verbs AllowCondition="1">
    <!-- truncated in the archived message: tion=""/> -->
    <Verb Value="PROPFIND" Description=""/>
    <Verb Value="OPTIONS" Description=""/>
    <Verb Value="HEAD" Description=""/>
    <Verb Value="POST" Description=""/>
    <Verb Value="GET" Description=""/>
  </Verbs>
  <RequestHeaders/><ResponseHeaders/>
  <DeniedSignatures></DeniedSignatures>
</Configuration>

If I add the forbid characters from IAG, we then have something like this:

<Configuration BlockExecutables="false" ViaHeaderAction="0"
    NewViaHeaderValue="" ServerHeaderAction="0" NewServerHeaderValue=""
    MaxRequestBodyLen="-1">
  <UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false"
      AllowHighBitCharacters="true" BlockDotInPath="false"
      MaxLength="10240" MaxQueryLength="10240">
    <Extensions AllowCondition="0"></Extensions>
  </UrlValidation>
  <Verbs AllowCondition="1">
    <!-- truncated in the archived message: tion=""/> -->
    <Verb Value="PROPFIND" Description=""/>
    <Verb Value="OPTIONS" Description=""/>
    <Verb Value="HEAD" Description=""/>
    <Verb Value="POST" Description=""/>
    <Verb Value="GET" Description=""/>
  </Verbs>
  <RequestHeaders/><ResponseHeaders/>
  <DeniedSignatures>
    <Signature Name="\\" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[\\]" FormatIsText="true" Enabled="true"/>
    <Signature Name=":" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[:]" FormatIsText="true" Enabled="true"/>
    <Signature Name="*" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[*]" FormatIsText="true" Enabled="true"/>
    <Signature Name="?" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[?]" FormatIsText="true" Enabled="true"/>
    <Signature Name="&quot;&quot;" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[&quot;&quot;]" FormatIsText="true" Enabled="true"/>
    <Signature Name="&lt;" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[&lt;]" FormatIsText="true" Enabled="true"/>
    <Signature Name="&gt;" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[&gt;]" FormatIsText="true" Enabled="true"/>
    <Signature Name="|" Description="" SearchInType="0" SearchInHeader=""
        From="1" To="100" Pattern="[|]" FormatIsText="true" Enabled="true"/>
  </DeniedSignatures>
</Configuration>

Is this about as good as we are going to get?

I am also looking for the same filters for Exchange 2007, but I guess that is 
another painful discussion with the Exchange product team :( I can get some 
pretty similar stuff by reverse engineering the IAG settings again, but 
official MS guidance would be nicer (MS produced this for Exchange 2003 which 
was very handy).

Cheers

JJ
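
An added example, not part of the original message and not Microsoft's or the poster's code: a small Python check that compares an exported HTTP filter XML against the verb list and UrlValidation settings given above, so drift in a deployed rule is caught. The names audit, BASELINE and DRIFTED are hypothetical, both sample configurations are constructed, and reading AllowCondition="1" as "allow only the listed verbs" is an assumption.

```python
import xml.etree.ElementTree as ET

# Verbs and UrlValidation values taken from the thread's SharePoint filter.
EXPECTED_VERBS = {"PROPFIND", "OPTIONS", "HEAD", "POST", "GET"}
REQUIRED_URL_FLAGS = {"VerifyNormalization": "false", "AllowHighBitCharacters": "true"}
# Constructed sample: the thread's filter cut down to two signatures.
BASELINE = """<Configuration MaxRequestBodyLen="-1">
  <UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false"
      AllowHighBitCharacters="true" MaxLength="10240" MaxQueryLength="10240"/>
  <Verbs AllowCondition="1">
    <Verb Value="PROPFIND"/><Verb Value="OPTIONS"/><Verb Value="HEAD"/>
    <Verb Value="POST"/><Verb Value="GET"/>
  </Verbs>
  <DeniedSignatures>
    <Signature Name="&lt;" SearchInType="0" Pattern="[&lt;]" Enabled="true"/>
    <Signature Name="|" SearchInType="0" Pattern="[|]" Enabled="true"/>
  </DeniedSignatures>
</Configuration>"""
# Constructed drift: extra verb, normalization check back on, one signature off.
DRIFTED = (BASELINE.replace('<Verb Value="GET"/>', '<Verb Value="GET"/><Verb Value="DELETE"/>')
           .replace('VerifyNormalization="false"', 'VerifyNormalization="true"')
           .replace('Pattern="[|]" Enabled="true"', 'Pattern="[|]" Enabled="false"'))

def audit(xml_text):
    """Return a list of findings for an exported HTTP filter configuration."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an export cut off in transit
        return [f"xml: not well-formed ({exc})"]
    findings = []
    verbs_el = root.find("Verbs")
    # Assumption: AllowCondition="1" means "allow only the listed verbs".
    if verbs_el is None or verbs_el.get("AllowCondition") != "1":
        findings.append("verbs: not configured as an allow-list")
    listed = {v.get("Value", "").upper() for v in root.iter("Verb")}
    findings += [f"verbs: unexpected {v}" for v in sorted(listed - EXPECTED_VERBS)]
    findings += [f"verbs: missing {v}" for v in sorted(EXPECTED_VERBS - listed)]
    url = root.find("UrlValidation")
    for attr, want in REQUIRED_URL_FLAGS.items():
        got = url.get(attr) if url is not None else None
        if got != want:
            findings.append(f"url: {attr}={got!r}, thread uses {want!r}")
    for sig in root.iter("Signature"):
        if sig.get("Enabled") != "true":
            findings.append(f"signature: {sig.get('Name')!r} is disabled")
    return findings
if __name__ == "__main__":
    for name, cfg in (("baseline", BASELINE), ("drifted", DRIFTED)):
        print(name, audit(cfg) or "matches the thread's settings")
```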

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: 07 April 2008 08:12
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: HTTP Filtering for SharePoint

Sorry - been playing in Haifa, Jerusalem, Bethlehem, Eilat, etc. for the past 
two weeks.
I'll follow up on this after I return to rainy-land...

________________________________
From: isapros-bounce@xxxxxxxxxxxxx [isapros-bounce@xxxxxxxxxxxxx] On Behalf Of 
Jason Jones [Jason.Jones@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, April 02, 2008 4:20 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: HTTP Filtering for SharePoint
Any update on HTTP filter settings "collaboration" from the SharePoint guys? :)

Jason Jones | Security | Silversands Limited | Desk: +44 (0)1202 360489 | 
Mobile: +44 (0)7971 500312 | Email/MSN: jason.jones@xxxxxxxxxxxxxxxxx

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: 04 March 2008 14:54
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: HTTP Filtering for SharePoint

I've asked the SP team for their input.
They've been really good about collaboration in the past...

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jason Jones
Sent: Tuesday, March 04, 2008 6:30 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] HTTP Filtering for SharePoint

Hi,

Anyone ever manage to get these nailed down?

I have seen MS recommendations for Exchange 2003, but never seen SharePoint 
discussed.

I am guessing it is pretty hard to do as SharePoint is so dynamic and can 
include various web parts. Something you filter today, may be needed tomorrow 
etc.

At this point, most of our deployments go out with the default HTTP filter 
settings, but just wondering if this needs to be reviewed...

Thoughts?

Cheers

JJ


  ________________________________
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual to whom it is addressed. If you have 
received this email in error, or if you believe this email is unsolicited and 
wish to be removed from any future mailings, please contact our Support Desk 
immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx

If this email contains a quotation then unless otherwise stated it is valid for 
7 days and offered subject to Silversands Professional Services Terms and 
Conditions, a copy of which is available on request. Any pricing information, 
design information or information concerning specific Silversands' staff 
contained in this email is considered confidential or of commercial interest 
and exempt from the Freedom of Information Act 2000.

Any view or opinions presented are solely those of the author and do not 
necessarily represent those of Silversands

Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
Company Registration Number : 2141393.
