Why request for cmd.exe had passed UrlScan.dll?

The below request for cmd.exe should not have reached IIS.
Could somebody please tell me what setting in UrlScan.dll am I missing?

This is what I've found in my WEB server log file:

++++++++++++++++++++++++++++++++++++++++++++++++++++
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-04-30 03:45:40
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-04-30 04:06:31 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 80 - 208.210.49.246 - 404 0 64
2005-04-30 04:16:00 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 80 - 208.210.49.246 - 404 0 64
++++++++++++++++++++++++++++++++++++++++++++++++++++

And this is the corresponding section of UrlScan.dll LOG:

[04-30-2005 - 04:05:17] ---------------- UrlScan.dll Initializing ----------------
[04-30-2005 - 04:05:17] URLs will be normalized before analysis.
[04-30-2005 - 04:05:17] URL normalization will be verified.
[04-30-2005 - 04:05:17] URLs must contain only ANSI characters.
[04-30-2005 - 04:05:17] URLs must not contain any dot except for the file extension.
[04-30-2005 - 04:05:17] Requests with Content-Length exceeding 30000000 will be rejected.
[04-30-2005 - 04:05:17] Requests with URL length exceeding 260 will be rejected.
[04-30-2005 - 04:05:17] Requests with Query String length exceeding 2048 will be rejected.
[04-30-2005 - 04:05:17] Only the following verbs will be allowed (case sensitive):
[04-30-2005 - 04:05:17] 'GET'
[04-30-2005 - 04:05:17] 'HEAD'
[04-30-2005 - 04:05:17] 'POST'
[04-30-2005 - 04:05:17] Only the following extensions will be allowed:
[04-30-2005 - 04:05:17] '.htm'
[04-30-2005 - 04:05:17] '.jpg'
[04-30-2005 - 04:05:17] '.gif'
[04-30-2005 - 04:05:17] '.aspx'
[04-30-2005 - 04:05:17] '.css'
[04-30-2005 - 04:05:17] '.'
[04-30-2005 - 04:05:17] '.zip'
[04-30-2005 - 04:05:17] '.ico'
[04-30-2005 - 04:05:17] Requests containing the following headers will be rejected:
[04-30-2005 - 04:05:17] 'translate:'
[04-30-2005 - 04:05:17] 'if:'
[04-30-2005 - 04:05:17] 'lock-token:'
[04-30-2005 - 04:05:17] 'transfer-encoding:'
[04-30-2005 - 04:05:17] Requests containing the following character sequences will be rejected:
[04-30-2005 - 04:05:17] '..'
[04-30-2005 - 04:05:17] './'
[04-30-2005 - 04:05:17] '\'
[04-30-2005 - 04:05:17] ':'
[04-30-2005 - 04:05:17] '%'
[04-30-2005 - 04:05:17] '&'
[04-30-2005 - 04:05:17] 'xxx'
[04-30-2005 - 04:05:17] 'xxx'
[04-30-2005 - 04:26:19] ---------------- UrlScan.dll Terminating -----------------

Regards, Aharon.
VIDEO: mms://www.videoclassified.com/Pres1Movie30
E-Mail: adverti***@videoclassified.com
Phone: 647-212-1498
WEB: http://www.videoclassified.com/

Where is your URLScan.ini file? Your IIS logfile is showing a 404, which means that the request could have been rejected by URLScan. Can you show us how you have URLScan configured please? Thanks

Cheers
Ken

--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com

++++++++++++++++++++++++++++++++++++++++++++++++++++++
[options]
UseAllowVerbs=1                ; If 1, use [AllowVerbs] section, else use the
                               ; [DenyVerbs] section.
UseAllowExtensions=1           ; If 1, use [AllowExtensions] section, else use
                               ; the [DenyExtensions] section.
NormalizeUrlBeforeScan=1       ; If 1, canonicalize URL before processing.
VerifyNormalization=1          ; If 1, canonicalize URL twice and reject request
                               ; if a change occurs.
AllowHighBitCharacters=0       ; If 1, allow high bit (ie. UTF8 or MBCS)
                               ; characters in URL.
AllowDotInPath=0               ; If 1, allow dots that are not file extensions.
RemoveServerHeader=0           ; If 1, remove the 'Server' header from response.
EnableLogging=1                ; If 1, log UrlScan activity.
PerProcessLogging=0            ; If 1, the UrlScan.log filename will contain a PID
                               ; (ie. UrlScan.123.log).
AllowLateScanning=0            ; If 1, then UrlScan will load as a low priority
                               ; filter.
PerDayLogging=1                ; If 1, UrlScan will produce a new log each day with
                               ; activity in the form 'UrlScan.010101.log'.
UseFastPathReject=1            ; If 1, then UrlScan will not use the
                               ; RejectResponseUrl or allow IIS to log the request.
LogLongUrls=0                  ; If 1, then up to 128K per request can be logged.
                               ; If 0, then only 1k is allowed.

;
; If UseFastPathReject is 0, then UrlScan will send
; rejected requests to the URL specified by RejectResponseUrl.
; If not specified, '/<Rejected-by-UrlScan>' will be used.
;

RejectResponseUrl=

;
; LoggingDirectory can be used to specify the directory where the
; log file will be created. This value should be the absolute path
; (ie. c:\some\path). If not specified, then UrlScan will create
; the log in the same directory where the UrlScan.dll file is located.
;

LoggingDirectory=C:\WINDOWS\system32\inetsrv\urlscan\logs

;
; If RemoveServerHeader is 0, then AlternateServerName can be
; used to specify a replacement for IIS's built in 'Server' header
;

AlternateServerName=

[RequestLimits]

;
; The entries in this section impose limits on the length
; of allowed parts of requests reaching the server.
;
; It is possible to impose a limit on the length of the
; value of a specific request header by prepending "Max-" to the
; name of the header. For example, the following entry would
; impose a limit of 100 bytes to the value of the
; 'Content-Type' header:
;
; Max-Content-Type=100
;
; To list a header and not specify a maximum value, use 0
; (ie. 'Max-User-Agent=0'). Also, any headers not listed
; in this section will not be checked for length limits.
;
; There are 3 special case limits:
;
; - MaxAllowedContentLength specifies the maximum allowed
;   numeric value of the Content-Length request header. For
;   example, setting this to 1000 would cause any request
;   with a content length that exceeds 1000 to be rejected.
;   The default is 30000000.
;
; - MaxUrl specifies the maximum length of the request URL,
;   not including the query string. The default is 260 (which
;   is equivalent to MAX_PATH).
;
; - MaxQueryString specifies the maximum length of the query
;   string. The default is 2048.
;

MaxAllowedContentLength=30000000
MaxUrl=260
MaxQueryString=2048

[AllowVerbs]

;
; The verbs (aka HTTP methods) listed here are those commonly
; processed by a typical IIS server.
;
; Note that these entries are effective if "UseAllowVerbs=1"
; is set in the [Options] section above.
;

GET
HEAD
POST

[DenyVerbs]

;
; The verbs (aka HTTP methods) listed here are used for publishing
; content to an IIS server via WebDAV.
;
; Note that these entries are effective if "UseAllowVerbs=0"
; is set in the [Options] section above.
;

PROPFIND
PROPPATCH
MKCOL
DELETE
PUT
COPY
MOVE
LOCK
UNLOCK
OPTIONS
SEARCH

[DenyHeaders]

;
; The following request headers alter processing of a
; request by causing the server to process the request
; as if it were intended to be a WebDAV request, instead
; of a request to retrieve a resource.
;

Translate:
If:
Lock-Token:
Transfer-Encoding:

[AllowExtensions]

;
; Extensions listed here are commonly used on a typical IIS server.
;
; Note that these entries are effective if "UseAllowExtensions=1"
; is set in the [Options] section above.
;

.htm
.jpg
.gif
.aspx
.css
.
.zip
.ico

[DenyExtensions]

;
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
;
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
;
; Also note that ASP scripts are denied with the below
; settings. If you wish to enable ASP, remove the
; following extensions from this list:
; .asp
; .cer
; .cdx
; .asa
;

; Deny ASP requests
.asp
.cer
.cdx
.asa

; Deny executables that could run on the server
.exe
.bat
.cmd
.com
.dll
.pl

; Deny infrequently used scripts
.htw     ; Maps to webhits.dll, part of Index Server
.ida     ; Maps to idq.dll, part of Index Server
.idq     ; Maps to idq.dll, part of Index Server
.htr     ; Maps to ism.dll, a legacy administrative tool
.idc     ; Maps to httpodbc.dll, a legacy database access tool
.shtm    ; Maps to ssinc.dll, for Server Side Includes
.shtml   ; Maps to ssinc.dll, for Server Side Includes
.stm     ; Maps to ssinc.dll, for Server Side Includes
.printer ; Maps to msw3prt.dll, for Internet Printing Services

; Deny various static files
.ini     ; Configuration files
.log     ; Log files
.pol     ; Policy files
.dat     ; Configuration files
.txt

[DenyUrlSequences]
..  ; Don't allow directory traversals
./  ; Don't allow trailing dot on a directory name
\   ; Don't allow backslashes in URL
:   ; Don't allow alternate stream access
%   ; Don't allow escaping after normalization
&   ; Don't allow multiple CGI processes to run on a single request
xxx
XXX
++++++++++++++++++++++++++++++++++++++++++++++++++++++
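
The following is an added example, not part of the thread and not UrlScan's own code: a simplified model that replays the two logged requests against the rules listed in the posted UrlScan log and reports which of them each request would violate. The function names, the treatment of '.' as "no extension", and the column layout assumed for the posted log lines are assumptions of this example.

```python
from urllib.parse import unquote

# Rule values copied from the UrlScan.dll initialization log posted in the thread.
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
ALLOWED_EXTENSIONS = {".htm", ".jpg", ".gif", ".aspx", ".css", ".", ".zip", ".ico"}
DENY_SEQUENCES = ["..", "./", "\\", ":", "%", "&", "xxx"]
MAX_URL = 260

# The two IIS log entries from the thread (the posted lines carry no s-ip value).
LOG_LINES = [
    "2005-04-30 04:06:31 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 80 - 208.210.49.246 - 404 0 64",
    "2005-04-30 04:16:00 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 80 - 208.210.49.246 - 404 0 64",
]


def tripped_rules(verb, uri_stem):
    """Simplified model: list every configured rule the request would violate."""
    hits = []
    if verb not in ALLOWED_VERBS:                      # verbs are case sensitive
        hits.append("verb")
    if len(uri_stem) > MAX_URL:
        hits.append("MaxUrl")
    url = unquote(uri_stem)                            # NormalizeUrlBeforeScan=1
    if unquote(url) != url:                            # VerifyNormalization=1
        hits.append("VerifyNormalization")
    leaf = url.replace("\\", "/").rsplit("/", 1)[-1]   # last path segment
    ext = "." + leaf.rsplit(".", 1)[1] if "." in leaf else "."  # "." = no extension (assumed)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        hits.append("AllowExtensions:" + ext.lower())
    if url.count(".") > (1 if "." in leaf else 0):     # AllowDotInPath=0
        hits.append("AllowDotInPath")
    hits += ["DenyUrlSequences:" + s for s in DENY_SEQUENCES if s in url.lower()]
    return hits


def triage(line):
    """Return (time, sc-status, tripped rules) for one log line as posted."""
    f = line.split()
    # Assumed layout: date time method stem query port user c-ip agent status ...
    return f[1], int(f[9]), tripped_rules(f[2], f[3])


if __name__ == "__main__":
    for entry in LOG_LINES:
        print(triage(entry))
```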