Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Mon Apr 15 2002 - 15:26:39 CDT
('binary' encoding is not supported, stored as-is)
I'm running URLSCAN under IIS 5.0 Windows 2000
SP2, latest patches applied.
Once in a week or so UrlScan starting to provide
such message into
[04-12-2002 - 08:04:22] Client at 188.8.131.52:
Received a malformed request
which resulted in error 50 while modifying the 'Server'
header. Request will
be rejected with a 400 response.
After this all requests generate this message and not
responded. No records
written into IIS log. No valid response served to client.
Restarting w3svc resolving problem.
According to message it's happen on replacing
server name header, which is
the functionality I want to have.
The only guess I have about request which can
trigger this error is that
server application sometimes can receive
long GET request: URL+?+urlencoded xml string.
It's also possible that this URL will contain word
This is still the guess, because as I said there is
nothing from this
request in IIS log.
Below are options of urlscan.ini.
Look like possible bug in urlscan, but sure it can be
much easier answered
by somebody who can look on source code and error
UseAllowVerbs=1 ; if 1, use [AllowVerbs]
section, else use
UseAllowExtensions=0 ; if 1, use
[AllowExtensions] section, else
use [DenyExtensions] section
NormalizeUrlBeforeScan=1 ; if 1, canonicalize
URL before processing
VerifyNormalization=1 ; if 1, canonicalize URL
twice and reject
request if a change occurs
AllowHighBitCharacters=0 ; if 1, allow high bit (ie.
UTF8 or MBCS)
characters in URL
AllowDotInPath=0 ; if 1, allow dots that are
RemoveServerHeader=1 ; if 1,
remove "Server" header from response
EnableLogging=1 ; if 1, log UrlScan activity
PerProcessLogging=0 ; if 1, the UrlScan.log
filename will contain
a PID (ie. UrlScan.123.log)
AllowLateScanning=0 ; if 1, then UrlScan will
load as a low
PerDayLogging=1 ; if 1, UrlScan will
produce a new log each
day with activity in the form UrlScan.010101.log
RejectResponseUrl= ; UrlScan will send
rejected requests to the
URL specified here. Default is /<Rejected-by-
UseFastPathReject=0 ; If 1, then UrlScan will
not use the
RejectResponseUrl or allow IIS to log the request
; If RemoveServerHeader is 0, then
AlternateServerName can be
; used to specify a replacement for IIS's built
in 'Server' header