From: James Fullerton (JamesRS25.com)
Date: Fri Sep 14 2001 - 09:51:32 CDT

    I believe there is a line in the Urlscan.ini file that specifically needs to
    be changed for servers running FP. Have you checked out the readme for that
    item? I'm pretty sure by default FP is blocked...

    Thanks,

    James F
    JamesRS25.com
    (303) 913 - 6998

    Light travels faster than sound. This is why some people
    appear bright until you hear them speak

    ----- Original Message -----
    From: "René Fehlmann" <fehlmannbluemail.ch>
    To: <focus-mssecurityfocus.com>
    Sent: Friday, September 14, 2001 1:55 AM
    Subject: URLScan

    Hi There,

    I get this error when I try to access a web server with FrontPage.
    The .dll should not be rejected, nor can I find anything for the '.'!

    Any Help is appreciated!

    Thanks

    René

    [Fr, Sep 14 2001 - 09:45:03] ---------- UrlScan.dll Initializing ----------
    [Fr, Sep 14 2001 - 09:45:03] URLs will be normalized before analysis.
    [Fr, Sep 14 2001 - 09:45:03] URL normalization will be verified.
    [Fr, Sep 14 2001 - 09:45:03] URLs may contain OEM, international and UTF-8
    characters.
    [Fr, Sep 14 2001 - 09:45:03] URLs must not contain any dot except for the
    file extension.
    [Fr, Sep 14 2001 - 09:45:03] Only the following verbs will be allowed (case
    sensitive):
    [Fr, Sep 14 2001 - 09:45:03] 'GET'
    [Fr, Sep 14 2001 - 09:45:03] 'HEAD'
    [Fr, Sep 14 2001 - 09:45:03] 'POST'
    [Fr, Sep 14 2001 - 09:45:03] Requests for following extensions will be
    rejected:
    [Fr, Sep 14 2001 - 09:45:03] '.exe'
    [Fr, Sep 14 2001 - 09:45:03] '.bat'
    [Fr, Sep 14 2001 - 09:45:03] '.cmd'
    [Fr, Sep 14 2001 - 09:45:03] '.com'
    [Fr, Sep 14 2001 - 09:45:03] '.htw'
    [Fr, Sep 14 2001 - 09:45:03] '.ida'
    [Fr, Sep 14 2001 - 09:45:03] '.htr'
    [Fr, Sep 14 2001 - 09:45:03] '.idc'
    [Fr, Sep 14 2001 - 09:45:03] '.shtm'
    [Fr, Sep 14 2001 - 09:45:03] '.shtml'
    [Fr, Sep 14 2001 - 09:45:03] '.stm'
    [Fr, Sep 14 2001 - 09:45:03] '.printer'
    [Fr, Sep 14 2001 - 09:45:03] '.ini'
    [Fr, Sep 14 2001 - 09:45:03] '.pol'
    [Fr, Sep 14 2001 - 09:45:03] '.dat'
    [Fr, Sep 14 2001 - 09:45:03] Requests containing the following headers will
    be rejected:
    [Fr, Sep 14 2001 - 09:45:03] 'translate:'
    [Fr, Sep 14 2001 - 09:45:03] 'if:'
    [Fr, Sep 14 2001 - 09:45:03] 'lock-token:'
    [Fr, Sep 14 2001 - 09:45:03] Requests containing the following character
    sequences will be rejected:
    [Fr, Sep 14 2001 - 09:45:03] '\'
    [Fr, Sep 14 2001 - 09:45:03] ':'
    [Fr, Sep 14 2001 - 09:45:03] '%'
    [Fr, Sep 14 2001 - 09:45:03] '&'
    [Fr, Sep 14 2001 - 09:45:32] Client at xx.xx.xx.xx: URL contains '.' in
    the path. Request will be rejected. Raw URL='/_vti_bin/shtml.dll/_vti_rpc'
    [Fr, Sep 14 2001 - 09:45:48] Client at xx.xx.xx.xx: URL contains '.' in
    the path. Request will be rejected. Raw URL='/_vti_bin/shtml.dll/_vti_rpc'

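For triaging a log like the one quoted above, the following added example (not part of the original thread, and not UrlScan's own code) rejoins the wrapped entries, pulls out each rejection's reason and raw URL, and counts them. It shows that both rejections come from the rule announced at startup, "URLs must not contain any dot except for the file extension" (the AllowDotInPath option in UrlScan.ini), not from the extension deny list. The function `dot_before_last_segment` is an assumed, simplified model of that rule chosen to be consistent with the log; all function names are hypothetical.

```python
import re
from collections import Counter

# Two rejection entries copied from the log quoted above, still wrapped as the
# mail client wrapped them, plus one startup line that must be ignored.
SAMPLE_LOG = """\
[Fr, Sep 14 2001 - 09:45:03] URLs must not contain any dot except for the
file extension.
[Fr, Sep 14 2001 - 09:45:32] Client at xx.xx.xx.xx: URL contains '.' in
the path. Request will be rejected. Raw URL='/_vti_bin/shtml.dll/_vti_rpc'
[Fr, Sep 14 2001 - 09:45:48] Client at xx.xx.xx.xx: URL contains '.' in
the path. Request will be rejected. Raw URL='/_vti_bin/shtml.dll/_vti_rpc'
"""

REJECT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] Client at (?P<client>[^:\s]+): "
    r"(?P<reason>.+?) Request will be rejected\. Raw URL='(?P<url>[^']*)'"
)

def unwrap(text):
    """Rejoin entries that were wrapped: a new entry always starts with '['."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def dot_before_last_segment(url):
    """Assumed model of the rule: a dot is fine only in the final path segment."""
    path = url.split("?", 1)[0]
    return "." in path.rpartition("/")[0]

def summarize(text):
    """Count rejections per (reason, URL, whether the assumed model explains it)."""
    counts = Counter()
    for entry in unwrap(text):
        m = REJECT_RE.match(entry)
        if m:
            counts[(m["reason"], m["url"], dot_before_last_segment(m["url"]))] += 1
    return counts

if __name__ == "__main__":
    for (reason, url, explained), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {url}: {reason} (dot before last segment: {explained})")
```
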