From: agtadshotmail.com
Date: Mon Apr 15 2002 - 15:26:39 CDT


    Hello,

    I'm running URLSCAN under IIS 5.0 on Windows 2000 SP2, latest patches applied. Once a week or so, UrlScan starts writing this message to urlscan.log:

    [04-12-2002 - 08:04:22] Client at 11.22.33.44: Received a malformed request which resulted in error 50 while modifying the 'Server' header. Request will be rejected with a 400 response.

    After this, all requests generate this message and are not responded to. No records are written to the IIS log. No valid response is served to the client. Restarting w3svc resolves the problem.

    According to the message, it happens when replacing the server name header, which is the functionality I want to have.

    The only guess I have about the request which can trigger this error is that the server application can sometimes receive a long GET request: URL+?+urlencoded xml string. It's also possible that this URL will contain the word SERVER.

    This is still a guess, because as I said there is nothing from this request in the IIS log.

    Below are the options from urlscan.ini.

    Looks like a possible bug in urlscan, but surely it can be much more easily answered by somebody who can look at the source code and error 50.

    Regards
    Alexander

    [options]
    UseAllowVerbs=1                ; if 1, use [AllowVerbs] section, else use [DenyVerbs] section
    UseAllowExtensions=0           ; if 1, use [AllowExtensions] section, else use [DenyExtensions] section
    NormalizeUrlBeforeScan=1       ; if 1, canonicalize URL before processing
    VerifyNormalization=1          ; if 1, canonicalize URL twice and reject request if a change occurs
    AllowHighBitCharacters=0       ; if 1, allow high bit (ie. UTF8 or MBCS) characters in URL
    AllowDotInPath=0               ; if 1, allow dots that are not file extensions
    RemoveServerHeader=1           ; if 1, remove "Server" header from response
    EnableLogging=1                ; if 1, log UrlScan activity
    PerProcessLogging=0            ; if 1, the UrlScan.log filename will contain a PID (ie. UrlScan.123.log)
    AllowLateScanning=0            ; if 1, then UrlScan will load as a low priority filter.
    PerDayLogging=1                ; if 1, UrlScan will produce a new log each day with activity in the form UrlScan.010101.log
    RejectResponseUrl=             ; UrlScan will send rejected requests to the URL specified here. Default is /<Rejected-by-UrlScan>
    UseFastPathReject=0            ; If 1, then UrlScan will not use the RejectResponseUrl or allow IIS to log the request

    ; If RemoveServerHeader is 0, then AlternateServerName can be
    ; used to specify a replacement for IIS's built in 'Server' header
    AlternateServerName=ABCDEF
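
Added example, not part of the original post and not UrlScan code: a log check that tells a single 'Server' header failure apart from the state described above, where every following request is rejected until w3svc is restarted. It assumes each urlscan.log entry sits on one line in the format quoted in the post; the function name, the threshold and the gap are hypothetical choices, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Entry layout copied from the log excerpt in the post (assumed to be a single line on disk).
ENTRY = re.compile(
    r"^\[(?P<ts>\d{2}-\d{2}-\d{4} - \d{2}:\d{2}:\d{2})\] "
    r"Client at (?P<ip>[\d.]+): (?P<msg>.*)$"
)
SERVER_HDR_FAIL = re.compile(r"resulted in error \d+ while modifying the 'Server' header")

def find_stuck_filter(lines, threshold=3, gap=timedelta(minutes=5)):
    """Return (onset, count) for the first unbroken run of at least `threshold`
    'Server' header failures spaced no more than `gap` apart, else None."""
    run = []  # timestamps of the current run of failures
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines or anything that is not a log entry
        ts = datetime.strptime(m["ts"], "%m-%d-%Y - %H:%M:%S")
        failed = bool(SERVER_HDR_FAIL.search(m["msg"]))
        # A different entry, or a long quiet period, ends the current run.
        if run and (not failed or ts - run[-1] > gap):
            if len(run) >= threshold:
                return run[0], len(run)
            run = []
        if failed:
            run.append(ts)
    return (run[0], len(run)) if len(run) >= threshold else None

# Constructed sample input (documentation addresses, not real clients).
FAIL = ("Received a malformed request which resulted in error 50 while modifying "
        "the 'Server' header. Request will be rejected with a 400 response.")
SAMPLE = [
    f"[04-12-2002 - 07:10:00] Client at 192.0.2.10: {FAIL}",  # isolated failure
    "[04-12-2002 - 07:30:00] Client at 192.0.2.11: (constructed placeholder for any other entry)",
    f"[04-12-2002 - 08:04:22] Client at 192.0.2.12: {FAIL}",  # run starts here
    f"[04-12-2002 - 08:04:25] Client at 192.0.2.13: {FAIL}",
    f"[04-12-2002 - 08:05:01] Client at 192.0.2.14: {FAIL}",
]

if __name__ == "__main__":
    hit = find_stuck_filter(SAMPLE)
    if hit:
        print(f"filter appears stuck since {hit[0]} ({hit[1]} consecutive failures)")
```

With `PerDayLogging=1` as in the posted options, the check would be run against the current day's log file.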