Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

Disable TRACE??

  
   Web Hosting and Web Master Forums (Home) -> IIS RSS
Next:  How to list the virtual directory with vbscript?  
Author Message
anonymous1572

External


Since: Apr 01, 2004
Posts: 4



(Msg. 1) Posted: Thu Apr 01, 2004 5:46 pm
Post subject: Disable TRACE??
Archived from groups: microsoft>public>inetserver>iis (more info?)
OK How do I disable the HTTP TRACE from IIS without running the lockdown tool? When we run it, it kills 80% of the programs we run but yet the stupid security people moan about some HTTP TRACE... Any suggestions?

Billy S.

 >> Stay informed about: Disable TRACE?? 
Back to top
Login to vote
someone9

External


Since: Aug 25, 2003
Posts: 2419



(Msg. 2) Posted: Thu Apr 01, 2004 8:24 pm
Post subject: Re: Disable TRACE?? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
You can use URLScan to just disable TRACE and not anything else.

http://www.microsoft.com/technet/security/tools/urlscan.mspx

Security and functionality is balanced through judicious configuration.
Unfortunately, we still need people to make those choices because computers
haven't figured out telepathy yet.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Billy S" <anonymous DeleteThis @discussions.microsoft.com> wrote in message
news:24F0CF38-0064-4B8C-8EEC-85E14ADAD106@microsoft.com...
OK How do I disable the HTTP TRACE from IIS without running the lockdown
tool? When we run it, it kills 80% of the programs we run but yet the
stupid security people moan about some HTTP TRACE... Any suggestions?

Billy S.

 >> Stay informed about: Disable TRACE?? 
Back to top
Login to vote
user1570

External


Since: Mar 30, 2004
Posts: 3



(Msg. 3) Posted: Thu Apr 01, 2004 11:40 pm
Post subject: Re: Disable TRACE?? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Billy S" <anonymous DeleteThis @discussions.microsoft.com> wrote in message
news:24F0CF38-0064-4B8C-8EEC-85E14ADAD106@microsoft.com...
 > OK How do I disable the HTTP TRACE from IIS without running the lockdown
tool? When we run it, it kills 80% of the programs we run but yet the
stupid security people moan about some HTTP TRACE... Any suggestions?
 >
 > Billy S.

Hmm.... the security people are stupid but you can't figure out how to make
your applications work with the solid configuration that Lockdown provides?
You might want to rethink your philosophy...

In addition to what David said in using URLScan (which should be the
preferred approach), you can also disable the TRACE or DEBUG verb for
particular ISAPI mappings (such as for ASP). For production systems, I
would use this as a second layer of defense.

For IIS 5.0, open the Internet Services Manager and select Properties on the
Server object. Choose Edit for the WWW Properties.
Select the Home Directory tab and then the Configuration button. Under
application mappings, select Edit. Mappings should be using the "Limit To"
set of HTTP verbs. Delete TRACE or DEBUG (in the case of IIS 6.0) and save
the mapping. You'll want to do that for each mapping.

John Alderson<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Disable TRACE?? 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
http trace - how to disable http trace support from my iis 5.0?

how do i make URLSCAN deny HTTP TRACE requests? - Did a security audit on my Outlook Web Access server today and one of the high risk vulnerabilities found claimed I should use URLSCAN to deny HTTP TRACE requests. How do I do this? I've downloaded urltrace but I can't make head nor tail of it - seems to...

DLLHOST.exe Memory leak IIS5, tools to trace? - Hi, An instance of DLLHOST.exe running on my W2K server appears to have developed a memory leak, and I can't understand where it is coming from. I've setup all the sites to run in High (Isolation) mode, so each site has its own DLLHOST.exe however COM....

ssl disable 80 - I setup SSL. Now users can see the site at port 80 and at port 443. i want to disable 80. How to? Thanks

Disable IIS cache - We are running IIS 5 on Win 2000 box, How do I disbale caching for a virtual directory on the server ? ie: http://www.company.com/sales: I want to disable caching on the sales virtual folder ( right now when I make some chages to my html pages, it..
   Web Hosting and Web Master Forums (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]