Security Basics mailing list archives
RE: ASP trouble with IIS 6.0 security
From: Bénoni MARTIN <Benoni.MARTIN () libertis ga>
Date: Thu, 29 Apr 2004 09:01:42 +0100
Humm... I was using the "include file" instead of the other one, so I will try it, cheers! The trouble I had was just sometimes and random: browsing on my website, a page displayed without any problem will not be displayed coming back to it after browsing other pages! Sometimes an ASP page with some HTML code in it gets me an "HTTP 500 error", sometimes a raw ASP (reading some intputs and redirecting to another pages according to these inputs) script gets stuck without being processed... With Mozzila, I had really less trouble, maybe IIS 6 is bugged, I do not know...that's a trouble as for debugging I take out every security option...so I am afraid when I will be hardening the web server! :( -----Message d'origine----- De : Noah [mailto:noahc () ruraltel net] Envoyé : mercredi 28 avril 2004 19:55 À : Bénoni MARTIN Cc : security-basics () securityfocus com Objet : Re: ASP trouble with IIS 6.0 security This may be completely off but have you looked at your includes or does it make reference to them in the server error you get? Alot of issues with design of include functions that worked in IIS5 but not in IIS6. Example <!--#include file="../../includes/home_sidebar_inc.asp" --> will work in IIS5 for IIS 6 you must make it virtual <!--#include virtual="/includes/home_sidebar_inc.asp" --> Noah Welshans Nex-tech Internet Solutions www.nex-tech.com ----- Original Message ----- From: "Bénoni MARTIN" <Benoni.MARTIN () libertis ga> To: <security-basics () securityfocus com> Sent: Wednesday, April 28, 2004 10:02 AM Subject: ASP trouble with IIS 6.0 security Hi community, I am running IIS 6.0 under a W2K3 box, and most of my web pages have been written in ASP with Dreamweaver 2004 (I don't think this is really important, but...). Some of my ASP pages run into trouble: sometimes they are displayed in the right way, but sometimes they create a "NTTP 500 - Internal error". Looking around the web, seems to me I am not the only one to face this trouble, but no solution has been found... Seems also that a new security feature in IIS 6.0 performs this, but which one??? I just cannot set up a Linux box with Apache as I have an SQL Server 2000... What can I do? Get back to IIS 5.x does not seems to be a good idea... Any idea will be welcomed! Cheers! --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- ASP trouble with IIS 6.0 security Bénoni MARTIN (Apr 28)
- Re: ASP trouble with IIS 6.0 security Noah (Apr 28)
- <Possible follow-ups>
- RE: ASP trouble with IIS 6.0 security Kinyon, Rob (Apr 28)
- Re: ASP trouble with IIS 6.0 security aruna (Apr 29)
- Re: ASP trouble with IIS 6.0 security K. K. Mookhey (Apr 30)
- Re: ASP trouble with IIS 6.0 security aruna (Apr 29)
- RE: ASP trouble with IIS 6.0 security Bénoni MARTIN (Apr 29)