Fw: URLSCAN - Error 50. Ideas?

From: at (agtadsat_private)
Date: Mon Apr 15 2002 - 16:44:14 PDT

Next message: david evlis reign: "Oracle Databases Allow HTML/SQL injection"

Previous message: Doesnt Matter: "ASP & HTR Overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Hi,
> > I'm running urlscan on IIS5.0. Below are configuration
> > options. Periodically it's starting to write such
> > messages into urlscan.log
> >
> > [04-12-2002 - 08:04:22] Client at 111.222.333.444:
> > Received a malformed request which resulted in
> > error 50 while modifying the 'Server' header. Request
> > will be rejected with a 400 response.
> >
> > and repeat them for each new request.
> > After this IIS is not responsive until w3svc stop/start.
> >
> > Look like a simple denial of service.
> > Anybody had something like this? Any ideas?
> >
> > Regards
> > Alexander
> >
> >
> > [options]
> > UseAllowVerbs=1                ; if 1, use [AllowVerbs]
> > section, else use [DenyVerbs] section
> > UseAllowExtensions=0           ; if 1, use
> > [AllowExtensions] section, else use [DenyExtensions]
> > section
> > NormalizeUrlBeforeScan=1       ; if 1, canonicalize
> > URL before processing
> > VerifyNormalization=1          ; if 1, canonicalize URL
> > twice and reject request if a change occurs
> > AllowHighBitCharacters=0       ; if 1, allow high bit (ie.
> > UTF8 or MBCS) characters in URL
> > AllowDotInPath=0               ; if 1, allow dots that are
> > not file extensions
> > RemoveServerHeader=1           ; if 1,
> > remove "Server" header from response
> > EnableLogging=1                ; if 1, log UrlScan activity
> > PerProcessLogging=0            ; if 1, the UrlScan.log
> > filename will contain a PID (ie. UrlScan.123.log)
> > AllowLateScanning=0            ; if 1, then UrlScan will
> > load as a low priority filter.
> > PerDayLogging=1                ; if 1, UrlScan will
> > produce a new log each day with activity in the form
> > UrlScan.010101.log
> > RejectResponseUrl=             ; UrlScan will send
> > rejected requests to the URL specified here. Default
> > is /<Rejected-by-UrlScan>
> > UseFastPathReject=0            ; If 1, then UrlScan will
> > not use the RejectResponseUrl or allow IIS to log the
> > request
> >
> > ; If RemoveServerHeader is 0, then
> > AlternateServerName can be
> > ; used to specify a replacement for IIS's built
> > in 'Server' header
> > AlternateServerName=NONONO
> >
> 
>

Next message: david evlis reign: "Oracle Databases Allow HTML/SQL injection"
Previous message: Doesnt Matter: "ASP & HTR Overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 21:22:36 PDT