|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
http traceI'm trying to secure the "http trace" vulnerability on my web server (xforce
article 11149). I have applied url scan and disabled the appropriate verbs. My question is, I'd like to test it to ensure that in fact tracing is disabled. Is there a command I can issue against my web server to test this or some way I can check the status? Regards, George Quitugua Related to this ?
http://msmvps.com/bernard/archive/2003/12/30/1359.aspx You can do a manual telnet to port 80 and issue the command, or you can try wfetch HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections http://support.microsoft.com/?id=284285 -- Show quoteHide quoteRegards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "GQuitugua" <GQuitu***@discussions.microsoft.com> wrote in message news:A0CCB1AA-9954-4E2C-8CED-53965E42709C@microsoft.com... > I'm trying to secure the "http trace" vulnerability on my web server > (xforce > article 11149). I have applied url scan and disabled the appropriate > verbs. > My question is, I'd like to test it to ensure that in fact tracing is > disabled. Is there a command I can issue against my web server to test > this > or some way I can check the status? > > Regards, > > George Quitugua 
Other interesting topics
Problem w/ Integrated Auth -- Receiving User/Pass dialog box against IIS6
integrated vs basic Accessing Site as Anonymous ASP.NET app permissions Passing User Credentials to site running under Integrated Security Logging into website - remove log in box Anonymous access not working IIS 6 and % characters in a URL Server attack - info please? Can't get rid of localstart.asp |
|||||||||||||||||||||||
