-
Posted to
IIS7 - Security
by
davide marzucco
on
05-29-2009, 4:58 AM
Hi Leo, thank you VERY much for your help. Although I agree with you, I was very scared about request filtering guessing the "real" extension. Infact, what solved my issue is only URLScan parameter AllowDotInPath=1.
Just to let you know, the sub status code was HTTP 404.0 Not Found - The resource you are looking for has been removed, ...
-
Posted to
IIS7 - Security
by
davide marzucco
on
05-22-2009, 6:43 AM
Hi all, while I'm going down with securing IIS through request filtering, I enabled filtering fileExtensions by setting allowUnlisted="false" and then explicitly list all the fileExtensions I know and need to be served.
By the way I found some strange behavior when a static html site produced by a Java framework (do you know ...
-
Posted to
IIS7 - General
by
davide marzucco
on
05-14-2009, 11:57 AM
It's always the same story... I was searching for a solution to this problem for a long time... when I decided to post here searching for some help... And immediately after posting the message... I found my way!!
Just to leave it in case of further needs, here is what I did:
I run sc queryex nettcpactivator which told me more information ...
-
Posted to
IIS7 - General
by
davide marzucco
on
05-14-2009, 11:47 AM
Hi guys, I really can't imagine weather or not this is the right place where to post my problem.
We have a WCF services application running on IIS7 on more than one Windows Server 2008 Std x64. On one of the servers we are facing some problems with net.tcp. If I run
iisreset /status
here is what I get:
Status for Windows Process ...
-
Posted to
IIS7 - Security
by
davide marzucco
on
04-27-2009, 5:03 AM
That's it!! You're the one Lex!!! Thank you sooooooooooooo much!!
I tried many other possibilities, setting "/", or "", but with no luck (and indeed I was trying to have luck!!)
The "." (dot) is the obvious solution, but I was not aware of that.
Now I'm happy and feel secure!!
This solution should be ...
-
Posted to
IIS7 - Security
by
davide marzucco
on
04-27-2009, 3:46 AM
Hi Lex, thank you again for your reply. I was afraid of this conclusion. We can't get the server secure and user-friendly at the same time! What's your opinion on having a company site unreachable at www.company.com ? We'll have to tell everybody to type www.company.com/default.aspx to reach the homepage...
I agree with you, enabling ...
-
Posted to
IIS7 - Security
by
davide marzucco
on
04-25-2009, 6:04 AM
Thank you lextm for your reply, but unfortunately I found no news on the issue. You're right, surfing that URL on the local server, I can see the detailed IIS error code, which is 404.7, that is a file extension denied. But I already knew this, as I wrote, changing allowUnlisted="true" the problem is not issued anymore.
The real ...
-
Posted to
IIS7 - Security
by
davide marzucco
on
04-23-2009, 12:30 PM
Hi all, I'm just working on locking down IIS7 with request filtering.
To avoid any misunderstanding here it is the requestFiltering node from my applicationHost.config file:
<requestFiltering allowHighBitCharacters="false" allowDoubleEscaping="false">
<requestLimits ...
-
Posted to
IIS 7 - Troubleshooting
by
davide marzucco
on
09-27-2008, 3:46 AM
Hi all, I have a windows 2008 core server installation with only FTP7 feature on it. It is in a testing environment, so I disable every firewall functionality to be sure that my problems doesn't depend on firewall rules.
The problem is: when I start any upload of files bigger than 100 MB, the transfer doesn't complete correctly, as after ...