Microsoft IIS URLScan inflexiblities
Well this certainly sucks. I’ve been working with IIS a little bit and
have installed URLScan and locked down the IIS server the best that I know
of with all the tools available from M$ to help lock this stuff down.
(The Microsoft Baseline Auditor Tool works well for this).
So here I am happy with a somewhat secure lockdown for my purposes and
I figure why not serve up files from the web server such as some nice
freeware utilities I found. Well, it seems URLScan bans all files ending in
.exe unless you unconfigure it. Suck. I want just a set of files
in one directory banned not ALL of them.
Kudos to this web archive (and Der Keiler
of the microsoft.public.intetserver.iis.security newsgroup:
From: (Jeff Cochran)
Date: Fri, 01 Nov 2002 13:45:40 GMT
>Does anybody know if I can allow a specific .exe file and not ALL .exe
>files?
Not in URLScan.
Jeff
