Home All Groups Group Topic Archive Search About

Where to find the denied requests for IIS 6

microsoft.public.inetserver.iis.security
Author
18 Apr 2005 11:57 AM
Keith-Earl
We know that the std IIS logs contain the return codes of 401, 402, etc.,
but we are interested in the URLScan logs that were present in IIS 5 and
prior with the URLScan tool was setup.

I am told not to run URLScan or IIS Lockdown on an IIS 6 box because that
functionality is baked right into IIS 6.  But where do I read the detail
results of a blocked request like I used to get with URLScan?

Many thanks,

Keith

Author
18 Apr 2005 1:17 PM
Ken Schaefer
Blocked requests (e.g. for disallowed webservice extensions) are logged into
the main IIS logfile.

Cheers
Ken

--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com

Show quoteHide quote
"Keith-Earl" <keith_NO_SPAM_HERE_rowe79@hotmail.com> wrote in message
news:%23DuwL3ARFHA.3076@TK2MSFTNGP14.phx.gbl...
: We know that the std IIS logs contain the return codes of 401, 402, etc.,
: but we are interested in the URLScan logs that were present in IIS 5 and
: prior with the URLScan tool was setup.
:
: I am told not to run URLScan or IIS Lockdown on an IIS 6 box because that
: functionality is baked right into IIS 6.  But where do I read the detail
: results of a blocked request like I used to get with URLScan?
:
: Many thanks,
:
: Keith
:
:
Author
19 Apr 2005 6:17 AM
Bernard
You still can deploy urlscan if it fits your requirement, refer
http://www.microsoft.com/technet/security/tools/urlscan.mspx#ECAA


--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/


Show quoteHide quote
"Keith-Earl" <keith_NO_SPAM_HERE_rowe79@hotmail.com> wrote in message
news:%23DuwL3ARFHA.3076@TK2MSFTNGP14.phx.gbl...
> We know that the std IIS logs contain the return codes of 401, 402, etc.,
> but we are interested in the URLScan logs that were present in IIS 5 and
> prior with the URLScan tool was setup.
>
> I am told not to run URLScan or IIS Lockdown on an IIS 6 box because that
> functionality is baked right into IIS 6.  But where do I read the detail
> results of a blocked request like I used to get with URLScan?
>
> Many thanks,
>
> Keith
>



Post Other interesting topics
UrlScan.dll Terminating
IIS folder structure and security.
IIS Challenge for Password. WinXP authenticates differently than Win2k.
Need to block Web Spider software like Teleport pro
How to tell if IIS lockdown Tool is installed?
Re: Does Http.sys block all mobile device requests?
IIS6, WIN2k3SP1 and integrated authentication
Failure posting files to iis6.0 using ssl client authentication
URLScan as an attack vector?
Security concern in event viewer