Security Basics mailing list archives
RE: asp source code exposure
From: "Lehman, Jim" <JLehman () mail esignal com>
Date: Wed, 31 May 2006 11:52:05 -0700
I think Microsoft provides a tuil called url scan, but... it is behind a F5 BigIP. I set an iRule to filter the regex. That fixed the issue -----Original Message----- From: foo () bar com [mailto:foo () bar com] Sent: Tuesday, May 30, 2006 11:17 AM To: security-basics () securityfocus com Subject: Re: asp source code exposure Can't you use regular expressions and do URL filtering on the server side with IIS? Apache has the functionality to match requests and filter them accordingly, such as SetEnvIf Request_URI "REGEX" blah ? just scan urls for the addition of :$DATA and boom your pretty safe. DISCLAIMER: This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message in error, please delete this message from your system and notify the sender immediately. An unintended recipient's disclosure, copying, distrbution, or use of this message or any attachements, is prohibited and may be unlawful.
Current thread:
- RE: asp source code exposure Lehman, Jim (Jun 01)