|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
401 errors filling logfilewe have static intranet site which seems to be working fine without any
displayed errors on IE, however, I just realized that "http-error 401" is filling the log with every users' access to the site. I have cross-checked users permission both on IIS and folders. The site is configured with "Integrated Windows Authentication" and "Everyone-Group" has FullControl permission on the folder. The funny thing is that the pages/Images are being viewed on IE without any problem, but why is these error entries in the log. An example is below: 2005-05-31 22:03:04 ClientIP - GET /images/PDFIconsmall.gif 401 4625 HTTP/1.0 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) http://Intranetsite/Subfolder1/subfolder2/default.htm Any ideas?
Show quote
Hide quote
"topokin" <topo***@discussions.microsoft.com> wrote in message The "-" in the log may indicate an anonymous access attempt. The browser news:6D1A3CAD-540C-4EEB-B7F2-606A77C4E8E0@microsoft.com... > we have static intranet site which seems to be working fine without any > displayed errors on IE, however, I just realized that "http-error 401" is > filling the log with every users' access to the site. > > I have cross-checked users permission both on IIS and folders. The site is > configured with "Integrated Windows Authentication" and "Everyone-Group" > has > FullControl permission on the folder. The funny thing is that the > pages/Images are being viewed on IE without any problem, but why is these > error entries in the log. An example is below: > > 2005-05-31 22:03:04 ClientIP - GET /images/PDFIconsmall.gif 401 4625 > HTTP/1.0 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) > http://Intranetsite/Subfolder1/subfolder2/default.htm > > Any ideas? will try to access anonymously first before authentication takes place. -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS Is there any way to overcome such attempt, I need to get rid of the entries
because it is populating the logfile unnecessarily. Show quoteHide quote "Tom Kaminski [MVP]" wrote: > "topokin" <topo***@discussions.microsoft.com> wrote in message > news:6D1A3CAD-540C-4EEB-B7F2-606A77C4E8E0@microsoft.com... > > we have static intranet site which seems to be working fine without any > > displayed errors on IE, however, I just realized that "http-error 401" is > > filling the log with every users' access to the site. > > > > I have cross-checked users permission both on IIS and folders. The site is > > configured with "Integrated Windows Authentication" and "Everyone-Group" > > has > > FullControl permission on the folder. The funny thing is that the > > pages/Images are being viewed on IE without any problem, but why is these > > error entries in the log. An example is below: > > > > 2005-05-31 22:03:04 ClientIP - GET /images/PDFIconsmall.gif 401 4625 > > HTTP/1.0 > > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) > > http://Intranetsite/Subfolder1/subfolder2/default.htm > > > > Any ideas? > > The "-" in the log may indicate an anonymous access attempt. The browser > will try to access anonymously first before authentication takes place. > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS > > >
Show quote
Hide quote
"topokin" <topo***@discussions.microsoft.com> wrote in message If that is in fact what is happening, then no. Does the pattern suggest news:C03B3773-5641-434B-8CC3-1DFE7253235D@microsoft.com... > "Tom Kaminski [MVP]" wrote: >> "topokin" <topo***@discussions.microsoft.com> wrote in message >> news:6D1A3CAD-540C-4EEB-B7F2-606A77C4E8E0@microsoft.com... >> > we have static intranet site which seems to be working fine without any >> > displayed errors on IE, however, I just realized that "http-error 401" >> > is >> > filling the log with every users' access to the site. >> > >> > I have cross-checked users permission both on IIS and folders. The site >> > is >> > configured with "Integrated Windows Authentication" and >> > "Everyone-Group" >> > has >> > FullControl permission on the folder. The funny thing is that the >> > pages/Images are being viewed on IE without any problem, but why is >> > these >> > error entries in the log. An example is below: >> > >> > 2005-05-31 22:03:04 ClientIP - GET /images/PDFIconsmall.gif 401 4625 >> > HTTP/1.0 >> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) >> > http://Intranetsite/Subfolder1/subfolder2/default.htm >> > >> > Any ideas? >> >> The "-" in the log may indicate an anonymous access attempt. The browser >> will try to access anonymously first before authentication takes place. > > Is there any way to overcome such attempt, I need to get rid of the > entries > because it is populating the logfile unnecessarily. that? It should only happen once per client browser session. -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS It seems that is the case, the entries stop with . The problem is I need the
site to be protected and not just accessible to anyone, but the NTFS permission seems not capable of that with "Anonymous Access" enabled on the site. Any way around it. Show quoteHide quote "Tom Kaminski [MVP]" wrote: > "topokin" <topo***@discussions.microsoft.com> wrote in message > news:C03B3773-5641-434B-8CC3-1DFE7253235D@microsoft.com... > > "Tom Kaminski [MVP]" wrote: > >> "topokin" <topo***@discussions.microsoft.com> wrote in message > >> news:6D1A3CAD-540C-4EEB-B7F2-606A77C4E8E0@microsoft.com... > >> > we have static intranet site which seems to be working fine without any > >> > displayed errors on IE, however, I just realized that "http-error 401" > >> > is > >> > filling the log with every users' access to the site. > >> > > >> > I have cross-checked users permission both on IIS and folders. The site > >> > is > >> > configured with "Integrated Windows Authentication" and > >> > "Everyone-Group" > >> > has > >> > FullControl permission on the folder. The funny thing is that the > >> > pages/Images are being viewed on IE without any problem, but why is > >> > these > >> > error entries in the log. An example is below: > >> > > >> > 2005-05-31 22:03:04 ClientIP - GET /images/PDFIconsmall.gif 401 4625 > >> > HTTP/1.0 > >> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) > >> > http://Intranetsite/Subfolder1/subfolder2/default.htm > >> > > >> > Any ideas? > >> > >> The "-" in the log may indicate an anonymous access attempt. The browser > >> will try to access anonymously first before authentication takes place. > > > > Is there any way to overcome such attempt, I need to get rid of the > > entries > > because it is populating the logfile unnecessarily. > > If that is in fact what is happening, then no. Does the pattern suggest > that? It should only happen once per client browser session. > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS > > > "topokin" <topo***@discussions.microsoft.com> wrote in message Sorry, I don't understand your response.news:2F248A8E-77A3-4B91-9769-9697C6A2BA38@microsoft.com... > It seems that is the case, the entries stop with . The problem is I need > the > site to be protected and not just accessible to anyone, but the NTFS > permission seems not capable of that with "Anonymous Access" enabled on > the > site. > > Any way around it. -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS What I meant was that once "Anonymous Access" is enabled on the Intranet-Site
through "IIS Management Console", the 401 entries cease to be produced. Since I do not want everyone having access to the site, is there a way to still protect it through NTFS permission. I have removed EveryoneGroup and only assign permission to the DomainUsers on the directory, but this action seems to protect it. Is there any way around it or I am doing something wrong? Show quoteHide quote "Tom Kaminski [MVP]" wrote: > "topokin" <topo***@discussions.microsoft.com> wrote in message > news:2F248A8E-77A3-4B91-9769-9697C6A2BA38@microsoft.com... > > It seems that is the case, the entries stop with . The problem is I need > > the > > site to be protected and not just accessible to anyone, but the NTFS > > permission seems not capable of that with "Anonymous Access" enabled on > > the > > site. > > > > Any way around it. > > Sorry, I don't understand your response. > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS > > > "topokin" <topo***@discussions.microsoft.com> wrote in message That's right - they'll stop because every access is anonymous. With news:317AE8A6-BA02-4CE3-9620-ED9D8B107D10@microsoft.com... > What I meant was that once "Anonymous Access" is enabled on the > Intranet-Site > through "IIS Management Console", the 401 entries cease to be produced. > Since > I do not want everyone having access to the site, is there a way to still > protect it through NTFS permission. > > I have removed EveryoneGroup and only assign permission to the DomainUsers > on the directory, but this action seems to protect it. > > Is there any way around it or I am doing something wrong? anonymous access disabled, there's no way to prevent the initial 401 because browsers always attempt to access the content anonymously first. So essentially there's no way around it. -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS 
Other interesting topics
certificate services fails to start
Username/Password input dialog IIS 6 Impersonate failed for ASP Authentication problem Problem with IUSR account How to control bandwidth per web site on IIS Is the sessionState cookie a security risk. Using integrated authentication Response splitting Users get directory of virtual web site |
|||||||||||||||||||||||
