External

Since: Aug 31, 2004 Posts: 13
(Msg. 1) Posted: Tue Aug 31, 2004 10:35 am
Post subject: how to disable unneeded http methods? Archived from groups: microsoft>public>inetserver>iis
External

Since: Oct 17, 2003 Posts: 720
(Msg. 2) Posted: Tue Aug 31, 2004 11:43 am
Post subject: how to disable unneeded http methods?
You mean WebDav requests?
http://support.microsoft.com/default.aspx?scid=kb;en-us;241520
doug
>-----Original Message-----
>Hi,
>
>for security, I need to disable put, delete, trace methods for my IIS, how
>can I do it? thanks.
External

Since: Aug 31, 2004 Posts: 13
(Msg. 3) Posted: Tue Aug 31, 2004 11:57 am
Post subject: RE: how to disable unneeded http methods?
Thanks. I mean normal http request. I would like only allow GET POST HEAD
methods for the IIS web server.
"doug" wrote:
> You mean WebDav requests?
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;241520
>
> doug
> >-----Original Message-----
> >Hi,
> >
> >for security, I need to disable put, delete, trace methods for my IIS, how
> >can I do it? thanks.
External

Since: Oct 17, 2003 Posts: 720
(Msg. 4) Posted: Tue Aug 31, 2004 12:58 pm
Post subject: RE: how to disable unneeded http methods?
A webdav request is a normal http request. Did you look
at the KB article I sent in my first message?
doug
>-----Original Message-----
>Thanks. I mean normal http request. I would like only allow GET POST HEAD
>methods for the IIS web server.
>
>"doug" wrote:
>
>> You mean WebDav requests?
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;241520
>>
>> doug
>> >-----Original Message-----
>> >Hi,
>> >
>> >for security, I need to disable put, delete, trace methods for my IIS, how
>> >can I do it? thanks.
External

Since: Aug 31, 2004 Posts: 13
(Msg. 5) Posted: Tue Aug 31, 2004 1:31 pm
Post subject: RE: how to disable unneeded http methods?
Yes, I read the article and in fact the webDav is already disabled. But the
IIS still can accept PUT DELETE TRACE request as they are defined in rfc2068
http protocol.
"doug" wrote:
> A webdav request is a normal http request. Did you look
> at the KB article I sent in my first message?
>
> doug
> >-----Original Message-----
> >Thanks. I mean normal http request. I would like only allow GET POST HEAD
> >methods for the IIS web server.
> >
> >"doug" wrote:
> >
> >> You mean WebDav requests?
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;241520
> >>
> >> doug
> >> >-----Original Message-----
> >> >Hi,
> >> >
> >> >for security, I need to disable put, delete, trace methods for my IIS, how
> >> >can I do it? thanks.
External

Since: Oct 17, 2003 Posts: 720
(Msg. 6) Posted: Tue Aug 31, 2004 1:43 pm
Post subject: RE: how to disable unneeded http methods?
You can do it by extension. Say you want to disable PUT
for .asp pages. Go into the IIS Mgr, right click your
website and go to properties. Select Home Directory tab
and then configuration. Highlight .asp and click Edit.
This should work.
doug
>-----Original Message-----
>Yes, I read the article and in fact the webDav is already disabled. But the
>IIS still can accept PUT DELETE TRACE request as they are defined in rfc2068
>http protocol.
>
>"doug" wrote:
>
>> A webdav request is a normal http request. Did you look
>> at the KB article I sent in my first message?
>>
>> doug
>> >-----Original Message-----
>> >Thanks. I mean normal http request. I would like only allow GET POST HEAD
>> >methods for the IIS web server.
>> >
>> >"doug" wrote:
>> >
>> >> You mean WebDav requests?
>> >>
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;241520
>> >>
>> >> doug
>> >> >-----Original Message-----
>> >> >Hi,
>> >> >
>> >> >for security, I need to disable put, delete, trace methods for my IIS, how
>> >> >can I do it? thanks.
External

Since: Aug 30, 2004 Posts: 60
(Msg. 7) Posted: Tue Aug 31, 2004 11:30 pm
Post subject: Re: how to disable unneeded http methods?
Use URLScan:
http://www.microsoft.com/technet/security/tools/urlscan.mspx
You can restrict http verbs, and quite a bit more.
"Jen" <Jen.RemoveThis@discussions.microsoft.com> wrote in message
news:8657B0CC-6896-4CC4-B2B3-E716793E8313@microsoft.com...
> Hi,
>
> for security, I need to disable put, delete, trace methods for my IIS, how
> can I do it? thanks.
External

Since: Aug 31, 2004 Posts: 13
(Msg. 8) Posted: Wed Sep 01, 2004 6:31 pm
Post subject: Re: how to disable unneeded http methods?
thanks, use urlscan affecting any performance of the web site?
"David Boyer" wrote:
> Use URLScan:
>
> http://www.microsoft.com/technet/security/tools/urlscan.mspx
>
> You can restrict http verbs, and quite a bit more.
>
> "Jen" <Jen.TakeThisOut@discussions.microsoft.com> wrote in message
> news:8657B0CC-6896-4CC4-B2B3-E716793E8313@microsoft.com...
> > Hi,
> >
> > for security, I need to disable put, delete, trace methods for my IIS, how
> > can I do it? thanks.
External

Since: Aug 30, 2004 Posts: 60
(Msg. 9) Posted: Wed Sep 01, 2004 9:57 pm
Post subject: Re: how to disable unneeded http methods?
No, at least nothing discernible. You're adding a filter to the chain of
things that has to touch the request, but it's not noticeable.
"Jen" <Jen.TakeThisOut@discussions.microsoft.com> wrote in message
news:FB531380-0C94-49B5-A51A-2AA58C7798A6@microsoft.com...
> thanks, use urlscan affecting any performance of the web site?
>
> "David Boyer" wrote:
>
>> Use URLScan:
>>
>> http://www.microsoft.com/technet/security/tools/urlscan.mspx
>>
>> You can restrict http verbs, and quite a bit more.
>>
>> "Jen" <Jen.TakeThisOut@discussions.microsoft.com> wrote in message
>> news:8657B0CC-6896-4CC4-B2B3-E716793E8313@microsoft.com...
>> > Hi,
>> >
>> > for security, I need to disable put, delete, trace methods for my IIS, how
>> > can I do it? thanks.
External

Since: Sep 03, 2004 Posts: 3
(Msg. 10) Posted: Fri Sep 03, 2004 1:01 pm
Post subject: Re: how to disable unneeded http methods?
Did you try URLScan installed with IIS lockdown tool [0]?
TJB
[0] http://www.microsoft.com/downloads/release.asp?releaseid=33961
>"Jen" <Jen.RemoveThis@discussions.microsoft.com> wrote in message
>news:C4E87301-0475-4A20-821D-260C432F4136@microsoft.com...
>Yes, I read the article and in fact the webDav is already disabled. But the
>IIS still can accept PUT DELETE TRACE request as they are defined in rfc2068
>http protocol.
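
The URLScan verb restriction suggested in Msg. 7 and Msg. 10, as an added example that is not part of any post in this thread: a small auditor that reads a urlscan.ini and reports which of the verbs discussed here would pass the filter. The sample file is constructed; the function names are hypothetical, and the script assumes URLScan's documented behaviour that `UseAllowVerbs=1` enforces `[AllowVerbs]` (case-sensitive) while `UseAllowVerbs=0` enforces `[DenyVerbs]` (case-insensitive).

```python
# Constructed urlscan.ini fragment (sample input, not taken from the thread).
SAMPLE_INI = """\
[options]
UseAllowVerbs=1      ; 1 = enforce [AllowVerbs], 0 = enforce [DenyVerbs]

[AllowVerbs]
GET
HEAD
POST

[DenyVerbs]
PUT
DELETE
TRACE
"""
AUDITED_VERBS = ("GET", "HEAD", "POST", "PUT", "DELETE", "TRACE")

def parse_sections(text):
    """Return {lower-cased section name: [entries]}, dropping ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def verb_allowed(ini_text, verb):
    """Model the verb decision for one request method (hypothetical helper)."""
    sections = parse_sections(ini_text)
    options = {}
    for entry in sections.get("options", []):
        key, _, value = entry.partition("=")
        options[key.strip().lower()] = value.strip()
    # Assumption: a missing UseAllowVerbs is treated as 1 (allow-list mode).
    if options.get("useallowverbs", "1") == "1":
        # Allow-list entries are matched case-sensitively.
        return verb in sections.get("allowverbs", [])
    # Deny-list entries are matched case-insensitively.
    denied = {v.upper() for v in sections.get("denyverbs", [])}
    return verb.upper() not in denied

def audit(ini_text, verbs=AUDITED_VERBS):
    """Map each verb to True (passes the filter) or False (rejected)."""
    return {verb: verb_allowed(ini_text, verb) for verb in verbs}
```

In deny-list mode any verb that is not listed still passes, so the allow-list mode is the one that matches the "only allow GET POST HEAD" requirement from Msg. 3.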