Monday, September 27, 2010

URLscan ini file exceptions

I installed the IIS URLscan extension this morning, as recommended in Scott Guthrie's blog post.

This promptly stopped Outlook Web Access from working. The URLScan log file showed me what was wrong. I had to loosen up from the default position by setting:

AllowDotInPath=1 in the [options] section

adding the following verbs to the [AllowVerbs] section


SEARCH
SUBSCRIBE
PROPFIND
POLL
BPROPPATCH

and commenting out

Translate: in the [DenyHeaders] section;
: (Don't allow alternate stream access) in the [DenyUrlSequences] section. This was causing any email subject with a colon (Re: your message) in it to be rejected;
.. (Don't allow directory traversals) in the [DenyUrlSequences] section. This was causing email subjects ending in . to be rejected.
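Added example, not part of the original post and not URLScan's own code: a simplified Python model of the three checks changed above, run against constructed OWA-style requests before and after the edits. It assumes the default allowed verbs are GET, HEAD and POST, that AllowDotInPath=0 rejects paths with more than one dot, and that an OWA item URL is the subject followed by .EML; only the two deny sequences named above are modelled.

```python
from urllib.parse import unquote

# Simplified model of three URLScan checks; constructed for illustration.
# Assumed defaults: verbs GET/HEAD/POST, AllowDotInPath=0.
BEFORE = {
    "verbs": {"GET", "HEAD", "POST"},
    "allow_dot_in_path": False,
    "deny_sequences": ["..", ":"],   # the two sequences named in the post
}
AFTER = {
    "verbs": BEFORE["verbs"] | {"SEARCH", "SUBSCRIBE", "PROPFIND",
                                "POLL", "BPROPPATCH"},
    "allow_dot_in_path": True,
    "deny_sequences": [],            # both modelled sequences commented out
}

def rejections(verb, path, cfg):
    """Return the modelled rules that would reject this request."""
    decoded = unquote(path)          # scan the decoded form of the URL
    hits = []
    if verb not in cfg["verbs"]:
        hits.append("AllowVerbs")
    if not cfg["allow_dot_in_path"] and decoded.count(".") > 1:
        hits.append("AllowDotInPath")
    hits += ["DenyUrlSequences " + s
             for s in cfg["deny_sequences"] if s in decoded]
    return hits

# Constructed sample requests (assumed URL shape: <folder>/<subject>.EML).
SAMPLES = [
    ("GET", "/exchange/alice/Inbox/Re:%20your%20message.EML"),
    ("GET", "/exchange/alice/Inbox/See%20you%20soon..EML"),  # subject ends in "."
    ("PROPFIND", "/exchange/alice/Inbox/"),
    ("GET", "/exchange/alice/Inbox/../Drafts/note.EML"),     # traversal-shaped
]

def report(samples=SAMPLES):
    """Pair each request with its rejections before and after the edits."""
    return [(v, p, rejections(v, p, BEFORE), rejections(v, p, AFTER))
            for v, p in samples]

if __name__ == "__main__":
    for verb, path, before, after in report():
        print(f"{verb:9} {path}")
        print(f"   before: {before or 'allowed'}")
        print(f"   after:  {after or 'allowed'}")
```

In this model the subject ending in "." is rejected because the trailing dot joins the .EML extension to form "..", and after the edits the traversal-shaped path is no longer stopped by this filter either.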
