Vulnerability Development mailing list archives
Fw: URLSCAN - Error 50. Ideas?
From: "at" <agtads () hotmail com>
Date: Mon, 15 Apr 2002 18:44:14 -0500
Hi, I'm running urlscan on IIS5.0. Below are configuration options. Periodically it's starting to write such messages into urlscan.log [04-12-2002 - 08:04:22] Client at 111.222.333.444: Received a malformed request which resulted in error 50 while modifying the 'Server' header. Request will be rejected with a 400 response. and repeat them for each new request. After this IIS is not responsive until w3svc stop/start. Look like a simple denial of service. Anybody had something like this? Any ideas? Regards Alexander [options] UseAllowVerbs=1 ; if 1, use [AllowVerbs] section, else use [DenyVerbs] section UseAllowExtensions=0 ; if 1, use [AllowExtensions] section, else use [DenyExtensions] section NormalizeUrlBeforeScan=1 ; if 1, canonicalize URL before processing VerifyNormalization=1 ; if 1, canonicalize URL twice and reject request if a change occurs AllowHighBitCharacters=0 ; if 1, allow high bit (ie. UTF8 or MBCS) characters in URL AllowDotInPath=0 ; if 1, allow dots that are not file extensions RemoveServerHeader=1 ; if 1, remove "Server" header from response EnableLogging=1 ; if 1, log UrlScan activity PerProcessLogging=0 ; if 1, the UrlScan.log filename will contain a PID (ie. UrlScan.123.log) AllowLateScanning=0 ; if 1, then UrlScan will load as a low priority filter. PerDayLogging=1 ; if 1, UrlScan will produce a new log each day with activity in the form UrlScan.010101.log RejectResponseUrl= ; UrlScan will send rejected requests to the URL specified here. Default is /<Rejected-by-UrlScan> UseFastPathReject=0 ; If 1, then UrlScan will not use the RejectResponseUrl or allow IIS to log the request ; If RemoveServerHeader is 0, then AlternateServerName can be ; used to specify a replacement for IIS's built in 'Server' header AlternateServerName=NONONO
Current thread:
- Fw: URLSCAN - Error 50. Ideas? at (Apr 15)