dos attacks : identical urls

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ IIS
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - IIS 6 download timeout Hi, We have a W2K3 server running IIS 6. I am trying to download a ~1.3 GB file from the server, and the download quits between 90 and 120 seconds. I don't get any error messages, and the IIS log doesn't seem to display any entries related to this error. The transfer rates are good, around 4 MB/s. Yesterday we installed SP1 and it did not fix the issue. I have tried decreasing the minimumbytespersecond entry to 50, and I have tried increasing the various timeouts in the IIS management tool to at least 10 minutes, but none of this has affected the behavior of this issue. I have logged in to the server locally and I can download the file to itself through the browser successfully. I also have a Windows 2000 server running IIS 5.0, and I was able to download the file to a client from that server. Any ideas? Thanks! Tag: dos attacks : identical urls Tag: 386890
  - 2
    - IIS Binding to ALL IP's HELP Hello, I am trying to create a second cluster group with extra NICs for OWA. For some reason even if I assign the NLB virtual IP's or IP's that belong to the cluster group, it will work only when the first site which is defaul site is UP (START). If I decide to STOP the defaul site or assign their own NLB IP everything stops working. I believe the first site is binding all IP's and doesnt let the other website work using their own IP. Anybody knows if I use the httpcfg query iplisten will this mess up the sites? Since this is a production server. Tag: dos attacks : identical urls Tag: 386889
  - 3
    - How to develop for IIS 6.0 Good morning everyone, I have a questions related to IIS server. I want to learn devleoping applicatinos for IIS. According to research it out weighs most of the development technology. My question is I don't have a server. And I don't have financial strength to buy one either. I know most of you think that I can get throught my Company, but I ran into a dead end. They will not buy for us, according to my observation that's what thier control strategy is so that their employee won't learn anything that can help them to improve thier skills and can work on the same positions for ever. I have windows XP pro. I saw an administrator working with server I have a IIS service running on windows xp pro machine, but just by comparing with the server version it looks very basic. Where I want to learn to develop applications using most of the available resources available. Can any one help me to direct me in to the right direction so I can set up my machine? Any help will be appreciated. Thanks, Tag: dos attacks : identical urls Tag: 386886
  - 4
    - IIS 6.0 logging fails Hi, I have a windows 2003 infrastructure running iis 6.0 which is controlled by application center 2000. My problem is that I have setup logging on the two front end servers but this is not working because the log files are not being created. I have noticed that the "default web site" is logging fine and is set up in the same way. Any one got any ideas? Thanks -- CHEERS, JAMOS Tag: dos attacks : identical urls Tag: 386884
  - 5
    - www.kenminds.com www.kenminds.com contact us kencilbox@yahoo.com Tag: dos attacks : identical urls Tag: 386881
  - 6
    - www.kenminds.com www.kenminds.com contact us kencilbox@yahoo.com Tag: dos attacks : identical urls Tag: 386880
  - 7
    - IIS Server Variables which contain user name I've got an IIS5 box which I need - or would like to change the server variables of the user in the AUTH_USER, LOGON_USER, REMOTE_USER fields Normally these variables would read DOMAIN\Username but I need to lose the DOMAIN\ part of the variable for scripts and process my web team use. Is this possible?? Any help would be great Paul Tag: dos attacks : identical urls Tag: 386877
  - 8
    - Quick lunch to the "inetpub" -folder Hi Champs Is there a quick lunch to the inetpub folder, like %user profile% and %systemroot% etc? Tag: dos attacks : identical urls Tag: 386871
  - 9
    - problems with service www Hi =), Maybe somebody here knows the way to fixed my problem with the IIS, i have a server with w2003 sp1, i don't know why the service IIS stoped, i tried to start the service but when are in the service world wide web publishing service send the message "error 1053 the service did not respond to the start or control request in a timely fashion". I check and install the last update for the Microsoft .NET Framework, and the problem is that i have to restart the server, is possible to start or stop this service IIS or www without to restar the server?. In the Event viewer i don't list any problem. Other cuestion, is normal that .NET Runtime Optimization Service appear like started in the services and event viewer i see the event_ID:1104 with description .NET Runtime Optimization Service(clr_optimization_v2.0.50727_32) - Completed all work. Shutting down? At this moments, i can't understeand why the IIS service failed,and if i tried to start or stopped firts the www service don't let me do it....well if somebody knows other way to fixed this Gracias Totales adriana Tag: dos attacks : identical urls Tag: 386864
  - 10
    - SMTP/POP3 servers I am sorta' lost. First, I am using IIS6.0 (Win2K3 SP1 machine) and the web sites use host headers. I have set up a virtual (not the default) SMTP server and POP3 server on my Win2K3 SP1 machine. I can use an ISP email client and send an email to my server. It arrives in the Queue folder just fine, but never gets delivered. Since I created a virtual SMTP server, I was expecting the Badmail, Drop, Pickup, and Queue folders to be on DifferentDriveLetter:\foldername folder (there were no Mailbox, Route, SortTemp folders) ... well, they were there - less the other ones. But, when I created POP3 server, these same folders (along with some other folders: Mailbox, Route, SortTemp) were created on the C:\Inetpub\mailroot folder and the Mailbox folder on the C-drive contained the usernamer.mbx file. Thus, when an incoming email arrived, it went to the DifferentDriveLetter:\foldername\Queue folder and just sat there and was never delivered. It would never appear in the Drop folder on this drive and in the MS Outlook Express 6 inbox. Why does the POP3 server place the Badmail, Drop, Pickup, Queue, etc folders on C:\Inetpubmailroot drive and not on the DifferentDriveLetter:\foldername (where the virtual SMTP server created it's folders/files)? Can anyone help me????? What am I doing wrong????? -- NuBee Tag: dos attacks : identical urls Tag: 386859
  - 11
    - IIS caching .css files I'm making changes to a .css file on a live web site however I can not see the changes sent out by the web server. I'm looking directly at the .css file in the browser and it's not changing. I am looking at the correct folder, URL, etc... I have also tried adding the no-cache header without any luck... Any ideas? Tag: dos attacks : identical urls Tag: 386858
  - 12
    - Multiple SSL Certs I currently have two different SSL certificates running on the same Windows 2000 Server. However, when I assign a site to the newly created cert, it does not use it, it defaults back to the original cert (the one that was created first). How can I get a site to use a different SSL cert? Tag: dos attacks : identical urls Tag: 386853
  - 13
    - WEBSITE ACCESS ONLY INTERNALLY Our website was working fine up until yesterday. There hasn't been any changes in the system. Now, I can not access the website externally. Is there some type of test I can do to see what is causing the issue? Our email server is working fine. The website has its own server running IIS 6. Thank you for your help in advance. Tag: dos attacks : identical urls Tag: 386852
  - 14
    - Website Operators in IIS6 / Win2003 What is the recommended method for making a person with user-level only privileges a web site operator? I followed the link below without much success. http://www.iis-resources.com/modules/AMS/article.php?storyid=377 Thanks in advance, J Wolfgang Goerlich Tag: dos attacks : identical urls Tag: 386851
  - 15
    - how to check whether IIS is up and running Hi, We have IIS 5.0 and IIS 6.0 running on different Windows servers, I need to check whether it is up and running periodically (probably every 10minutes). If its down somebody has to be notified thro email. Thanks in advance Rajesh Tag: dos attacks : identical urls Tag: 386850
  - 16
    - Assembly permission error after uploading ASP .Net applicaion I have been banging my head against the wall for a day now wondering WHY this application works perfectly on my development machine but falls on its face when I upload it to our web server (WS2k3, IIS 6, running Sharepoint Server). As soon as I uploaded the page, I recieved the error below regarding one of the libraries included in the project with line 206 being highlighted in red: I am wondering if the server having Sharepoint Server installed (not just Sharepoint Services) is causing it to have increased security? Do I HAVE to make this a strongname assembly? If so, can I create the key and whatnot on my development workstation and use that same key on the web server? I am the first to admit that I need quite a bit of guidance with this problem. My patience with IIS6 and Sharepoint is running quite thin. Thank you!!! John Server Error in '/Register' Application. -------------------------------------------------------------------------------- Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: Assembly efoundation.client.dll security permission grant set is incompatible between appdomains. Source Error: Line 204: <add assembly="System.EnterpriseServices, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> Line 205: <add assembly="System.Web.Mobile, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> Line 206: <add assembly="*"/> Line 207: </assemblies> Line 208: </compilation> Source File: c:\windows\microsoft.net\framework\v1.1.4322\Config\machine.config Line: 206 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300 Tag: dos attacks : identical urls Tag: 386847
  - 17
    - When submitting XML to https server, then got error in VB.Net 2003 but for http is work properly well Dear Guru, I need your help/suggestion , thanks Dim mnode As MSXML2.IXMLDOMNode Dim objXMLHTTP As New MSXML2.XMLHTTP Dim objOutputXMLDoc As New MSXML2.DOMDocument30 Dim xml_send As MSXML2.DOMDocument30 Dim strXML As String strXML = strXML & "</n1:CREATE__CompIntfc__TFB_OHOH></env:Body></env:Envelope>" objXMLHTTP.open("post", "http://xxx.xxx.com:8016/PSIGW/HttpListeningConnector", False) 'PRD 'objXMLHTTP.open("post", "https://yyy.yyy.com:8888/PSIGW/HttpListeningConnector", False) objXMLHTTP.setRequestHeader("Content-Type", "text/xml;charset=UTF-8") 'objXMLHTTP.setRequestHeader("SOAPAction", "#TFB_MOBILE_CI#TFB_MOBILE_NODE") objXMLHTTP.send(strCreateAct Posted via DevelopmentNow.com Group http://www.developmentnow.com Tag: dos attacks : identical urls Tag: 386846
  - 18
    - Cannot Get IIS6 Custom ASP Error to work I have an IIS5 website (written ages ago...late 90s). It uses a custom 404 error page (404.asp) to perform some processing and tailor the error page accordingly. I have migrated the site to a Windows 2003 Server running IIS6. I have enabled the ASP Web Service Extension, the site works just fine with the custom error message being the lone exception. I have configured the custom error as follows: IIS Manager Select Website, right-click choose properties Select Custom Errors tab Select 404 error Select Edit Select URL as message type Set URL = /<Website directory>/Errors/404.asp The Internet Guest Account should have access to all of the website. When I try to invoke a 404 error all I get returned is this: "The system cannot find the path specified." The IIS Logs show this information (obsfucted IP's) log from one that works (old site running on IIS5) 2006-08-22 20:37:24 10.*.*.* - W3SVC7 <WEB_SERVER_NAME> 10.*.*.* 80 GET /errors/404.asp 404;http://10.*.*.*/<PageDoesNotExist> 200 0 0 578 640 HTTP/1.1 10.*.*.* Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET+CLR+2.0.50727) log from one that fails (new server IIS6) 2006-08-22 20:19:32 W3SVC723143 10.*.*.* GET /<PageDoesNotExist> - 80 - 10.*.*.* Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 404 0 2 Is there something I am missing? Is it possible to have an ASP page executed as a custom error page in IIS6...I would think so and that I have it configured incorrectly but I cannot seem to find any document that tells me to do anything different. Thanks James Tag: dos attacks : identical urls Tag: 386844
  - 19
    - IIS6, ActiveX, and database access I'm migrating a legacy intranet site from an IIS5 to IIS6 server. The site uses ActiveX DLLs to access a SQL database. The problem is that everything runs fine when hitting localhost from the server, but the database access appears not to work. Each page gets the Windows logon name and converts it to an ID: ----- set obj = server.CreateObject("TN.CClassName") strUserName = Request.ServerVariables("LOGON_USER") lngUserID = Session("UserID") if lngUserID = "" or lngUserID = 0 then lngUserID = obj.GetUserID(strUserName) Session("UserID") = lngUserID if lngUserID = 0 then Response.Redirect "Errors/UnknownUser.asp?User=" & strUserName end if end if ----- Since a remote request always winds up on the UnknownUser page, I'm assuming that the DLL is fine but can't get to the database (since the CreateObject call didn't fail, and since all is well from localhost). It's obviously a permissions issue, but where? Thanks, David Tag: dos attacks : identical urls Tag: 386841
  - 20
    - 405 Error with WebDAV - affecting OWA We've recently run the transition pack to move from SBS Premium to seperate components, all still on the same server at present. Since doing so we've been unable to use the Outlook Web Access premium client. I've tracked this down to IIS returning a 405 HTTP Verb is not allowed when a HTTP SEARCH request is made to IIS. The log file for IIS shows the following: 2006-08-22 14:45:41 192.168.234.1 GET /exchweb/6.5.7651.25/controls/tf_Messages.xsl - 80 - 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0 2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Inbox/ - 80 rse\richardba 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 405 0 0 2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Calendar - 80 - 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 401 2 2148074254 2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Calendar - 80 rse\richardba 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0 2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Tasks - 80 - 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 401 2 2148074254 2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Tasks - 80 rse\richardba 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0 2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Calendar - 80 rse\richardba 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 405 0 0 2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Tasks - 80 rse\richardba 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 405 0 0 2006-08-22 14:46:15 192.168.234.1 GET /exchange/ - 80 - 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 401 2 2148074254 2006-08-22 14:46:15 192.168.234.1 GET /exchange/ - 80 rse\richardba 192.168.234.125 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 200 0 0 I'm not sure as to whether this is an issue in IIS or with Exchange (hence posting similar question here and Exchange newsgroup) As far as I can work out SEARCH is a WebDAV request - what is the best way of checking if WebDAV is working correctly? And does anyone have any ideas on how to rectify this? Thanks, --Richard Burns-Allan DipComp DipIT BSc(Hons) MBCS MCSA(2000 & 2003) MCSE(NT4, 2000, 2003) Security+ IT Systems Engineer Ross-shire Engineering Limited Tag: dos attacks : identical urls Tag: 386835
  - 21
    - Newbie: all http redirect to https problem Hi all, 1. I am using Windows 2003 Server SP1 with IIS 6.0. 2. I installed a server certificate and put it in DWS (Default Web Site) level. 3. When I entered "http://mydomain.com" or "https://mydomain.com" from any client computer, it came up fine. 3. I also went into DWS -> Properties -> Directory Security tab -> Secure Communications -> Edit -> tick Require SSL + require 128-bit encryption 4. By doing above, if I enter "http://mydomain.com", it will return 403.4 error message while "https://mydomain.com" comes back fine. 5. I copied a "http redirect to https" asp program from the Internet and I put it in the root level i.e. c:\inetpub\wwwroot\403-4.asp (this program is listed at the end of this message) 6. I went into DWS -> Properites -> Custom Errors tab. I changed the 403;4 entry and put an enry with Message Type: URL and URL pointing to /403-4.asp. 7. I then restarted IIS Admin Services 8. I went to a client machine and entered "http://mydomain.com" in IE 6. 9. It came back with "You are not authorized to view this page". At the bottom of the page is 'HTTP Error 403 - Forbidden 10. I created a test program called c:\inetpub\wwwroot\test.asp and I was able to bring it up by entering "https://mydomain.com/test.asp" (this program just have one line displaying "hello"). However, when I entered this entry in the customs error tab, I got the same error as in step 9 when I entered something like "http://mydomain.com" (I was expecting it to redirect to test.asp). Can anyone please help me? <% If Request.ServerVariables("SERVER_PORT")=80 Then Dim strQUERY_STRING Dim strSecureURL Dim strWork strQUERY_STRING = Request.ServerVariables("QUERY_STRING") strWork = Replace(strQUERY_STRING,"http","https") strWork = Replace(strWork,"403;","") strSecureURL = strWork Response.Redirect strSecureURL End If %> Tag: dos attacks : identical urls Tag: 386832
  - 22
    - Handling File Open Dialog Box eventts Hi all, 1. We are developing asp application 2. We dont have the privileges to touch the application 3. If the client request a file by clicking on a link (link consists of word file) 4. Open save dialog box raises. If he clicks open, he should be able to open the file 5. If he clicks save, he should be able to save the file in the clients hard disk 6. If he clicks cancel, nothing should happen. Open dialog box should unload 7. My questions is...... How to handle these events i.e., how can I know the user clicked cancel button or open/save button. 8. Since I do not have the privileges to touch the asp application, I would like to use ISAPI filters to know the client side click event of open/save dialog box 9. Especially, I would like to know the cancel button event Please Help me out in solving this problem. Tag: dos attacks : identical urls Tag: 386828
  - 23
    - HTTP/1.1 New Session Failed Dear Support, Every few days I receive the following error when visiting my website: HTTP/1.1 New Session Failed Rebooting my server temporarily solves the problem, but again after a few days the problem re-occurs. I'm using Windows Server 2003 x64 and IIS6. The nearest I can find in the MS KB is relating to IIS4 - http://support.microsoft.com/default.aspx/kb/210842 Many thanks! Tag: dos attacks : identical urls Tag: 386825
  - 24
    - two iis..want to link them I have two servers...Server1 is a w2k server with iis 5.0 that has exchange server 2k with Outlook Web Access abilities. Server2 is a w2k3 server running iis 6.0 and does not have exchange server on it. I want my employees to be able to go to our website (hosted on Server2) and be able to access Outlook Web Access that is setup on Server1. Does anyone know of how this can be done? Thanks in advance, Jason Cochrane Tag: dos attacks : identical urls Tag: 386819
  - 25
    - double authentication request We have a website that has a basic authentication section to it with the username/password assigned to users for read access to specific portions of the site. They are able to authenticate fine and browse the site, but when they click on a link to a powerpoint file .ppt, it prompts them for their same credentials again using IE. It does not do this when the user browses the site with firefox. Is there anything I can do on the server or client side of things to change this behavior and eliminate the 2nd authentication request on IE. Any help would be greatly appreciated. Pete Tag: dos attacks : identical urls Tag: 386817
- Next
  - 1
    - starting IIS 5 on win2000 I posted to inetserver.asp... and they suggested that I post here for a better response. The problem I am having is that I can't get my IIS server to run. I have the following error message listed in my event viewer: The authentication service is unknown I actually have several error messages that I should fix, but for now can you point me in the right direction or give me some insight as to why this could happen? Any insight would be greatly appreciated as I have spent the last couple of days googling and searching Microsoft for ideas on how to move forward. Thank You Kevin Raleigh -------------------------------------------------- I am running a win2000 w/ all patches installed Zone alarm firewall intel 10/100 nic card dsl - enabled matrox G550 vid card NVIDIA nForce MCP Networking Controller disabled Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 #2 - disabled ---------------------------------------------- Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7023 Date: 8/22/2006 Time: 11:30:15 AM User: N/A Computer: NONE Description: The World Wide Web Publishing Service service terminated with the following error: The authentication service is unknown. Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7023 Date: 8/22/2006 Time: 11:30:15 AM User: N/A Computer: NONE Description: The Simple Mail Transport Protocol (SMTP) service terminated with the following error: The authentication service is unknown. I also have these errors, maybe they are the cause, maybe they are something else entirely. I don't know. Event Type: Error Event Source: Server Event Category: None Event ID: 2505 Date: 8/22/2006 Time: 11:30:08 AM User: N/A Computer: NONE Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E5287FE6-0BB2-4E96-9DE3-1524567FA5E5} because another computer on the network has the same name. The server could not start. Data: 0000: 34 00 00 00 4... Event Type: Error Event Source: NetBT Event Category: None Event ID: 4319 Date: 8/22/2006 Time: 11:30:08 AM User: N/A Computer: NONE Description: A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Data: 0000: 00 00 04 00 01 00 54 00 ......T. 0008: 00 00 00 00 df 10 00 c0 ....ß..À 0010: 01 01 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 21 01 10 ac !..¬ Tag: dos attacks : identical urls Tag: 386816
  - 2
    - server certificate from cert service Greetings I have an IIS website that I need to enable SSL for. I am familiar with the process of generating a certificate request from IIS and I have done that and generated a certreq.txt file. For this we didn't need a verisign certificate so we installed certificates services on a Windows 2003 box as a standalone CA. I copied the file over to the CA server and had it generate a certificate, no problem. However what I can't figure out is how to get it to generate a .cer file that I can copy back to the web server and install in IIS. I'm not sure how to complete the process once the CA server has generated a certificate. With verisign I always got a file back that I installed on the web server. What am I missing here? thanks Colin PS - the CA server is a 2003 box that is a domain controller, the IIS server is win2k Tag: dos attacks : identical urls Tag: 386814
  - 3
    - Help getting IIS to run on Win XP Pro I need to have IIS running on my laptop for some demo applications. I went into control panel and installed the IIS components, did the reboot and all that. But, when I try to test the installation (http://127.0.0.1/) I get a Page Cannot be Displayed error message. In the MS troubleshooting guide, it says to ping the server, etc. I can do all that, they come back fine. (localhost, 127.0.0.1, servername, IP address), but all return the same error message. I've opened inetmgr and stopped and restarted the IIS server and the default web page, still no luck. This is on a clean refresh from the Compaq recovery disks for the laptop (Compaq V4440US), without any antivirus running. I don't have any anti-virus or firewall that I can find running. I turned the MS Firewal off as well. The only odd thing that I noticed is the MS page (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/iiiisin2.mspx?mfr=true) says there should be an asterik between the logo and the server name. On my screen, there isn't one. I don't know if that makes a difference or not, but other than that, it appears like it should be running. Anyone got an idea of where to try next? Thanks! Norman Tag: dos attacks : identical urls Tag: 386811
  - 4
    - Session State Server vs SQLServer Hello and thank you for taking the time to read this. I have been put in charge of re-architecting a moderately busy Internet Site. Our daily logs are approximately 300MB with all of our virtual servers combined and many of the subwebs are ASP.NET applications. I am going to propose an architecture of 2 Dell Power Edge 1850 servers clustered via Network Load Balancing (NLB). I want users to not miss a beat if the servers failover in the middle of their session(s). This means that the Session State will need to be maintained on a seperate server. My question is this: "Should I use a Session State Server using the session state service or should I opt for the SQLServer option?" I think that it should also be said that I don't want the failure of any one single server to take the entire web down, so I am thinking that I may even want to have some redundancy for the Session State solution as well. Other wise if the Session State server or SQL Server goes down, then the entire web goes down. Your thoughts and input is appreciated. Thanks, Rob Tag: dos attacks : identical urls Tag: 386808
  - 5
    - What's the best way to create 8000 student sites? Hi All, I'm working in a University setting, and I'm setting up a new IIS 6 web server for the student population. I've created a website students.domainname.edu. I would like each students web address to be students.domainname.edu/userid. The web content is stored on another server. My planned approach is to create a virtual directory for each user under this new web site with a name equal to their user id. I have 2 questions: 1- Would this approach be considered "best practice", or is there a better way to do this? 2- Can anyone direct me to code or a resource that would help me automate the creation of these virtual directories with vb script? I started playing with the iisvdir /create command but it does not appear that this would work in vbscript code, and it doesn't allow me to set all the settings I need to configure. Any and all guidance will be greatly appreciated. Thanks in advance for your time! Tag: dos attacks : identical urls Tag: 386806
  - 6
    - Cannot download .mdb files. Error 403.1. Hi, I need to make certain access database files (.mdb) available for download from our IIS website. Clients must use the url to download the file. For example, http://mysite/download/inventory.mdb Clients are able to download text files and zip files just fine. The following urls seem to be working: http://mysite/download/customer.txt http://mysite/download/inventory.zip However, when a .mdb file is specified in the url, we get a 403.1 (Forbidden) error. Is there some configuration setting under IIS to enable download of .mdb files? I failed to find one. Thank you in advance for your help. Pradeep Tag: dos attacks : identical urls Tag: 386803
  - 7
    - Multiple requests for passwords I'm running a very simple HTML page on IIS 6. It asks for a password when intially accessing the site, which is what I want. But it then asks for the same credentials when people click on a link. It only does this one time, as soon as they enter thier credentials the second time they are good to go. Is there a way for me to stop IIS from asking the second time and still keep the website secure? Tag: dos attacks : identical urls Tag: 386798
  - 8
    - force web root into https; redirect issues We are running our site at www.waynesavings.com on secure hosting (Server 2003, IIS). We are using a custom 403.4 error page (called 403_4.asp, located under root) to redirect all users to https if they come in on http. The site is also using an instant refresh on the index.htm page under root to www.waynesavings.com/aboutus/home.htm due to issues with the javascript menus used on the site. The code we're using on the custom 403 page is this: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <% If UCase(Request.ServerVariables("HTTPS")) = "OFF" Then '''get page sRedirect = "https://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("PATH_INFO") & Request.Querystring Response.Redirect sRedirect End If %> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Untitled Document</title> </head> <body> </body> </html> It does the job just fine. However, if somebody has bookmarked a non-secure page (e.g. http://www.waynesavings.com/rates/index.htm), it will redirect the user NOT to the equivalent https page, but to the secure home page instead. Any input? If I can't get this solved, we'll just turn something bad into something good and encourage people to rebookmark the respective pages, but the perfectionist in me would like to see this solved. Thanks! Tag: dos attacks : identical urls Tag: 386796
  - 9
    - help with IIS console bug: virtual directory beneath webapp disappears KB308179 talks about disappearing virtual directories. I have upgraded my WinXP Pro development PC to SP2, which supposedly contains the hotfix mentioned there. But in the IIS Management console, I still cannot see virtual directories that were created beneath my web applications. The virtual directory has been configured not to be an application; it merely points to another physical location on the drive where some 3rd party web controls are kept, centrally, so that can be shared among multiple applications. The virtual directories are displayed in the management console's treeview immediately after being created, but at some point (not sure when), they cease to appear. They still exist, because if I try to recreate the virtual directory, I get an error that the name is not unique. Where can I find the definition of the virtual directory so I can edit the properties (i.e. the actual path)? How is this bug repaired? Thanks Liam Tag: dos attacks : identical urls Tag: 386788
  - 10
    - IIS6 and ASP.NET tab on Web Sites folder The properties on the "Web Sites" folder in IIS6 is defaulted to ASP.NET Version 1.1.4322 and is greyed out. When I create a new web site it always defaults it to ASP.NET version 1.1.4332 however I would like it to default to ASP.NET 2.0.50727 which I run on all my sites including the the ones developed in ASP.NET 1.1 (I use the "Legacy" comand in our web.config sothey work correctly). The reason I want to change this is because if I make a change to the "Web Sites" folder it changes all of my web sites to ASP.NET 1.1. The of course they don't work any longer until I change them all back to ASP.NET 2.0. For some this wouldn't be a problem however I am currently running over 20 websites and growing on this server and each time I make a change (not very often) I have to change all of the rest of the web sites. So, my question how do I default to ASP.NET 2.0? Tag: dos attacks : identical urls Tag: 386785
  - 11
    - IIS 6.0, IUSR_, Guests and access to this computer from the networ We have a Windows application which uses HTTP .Net Remoting to use Business components hosted under IIS 6.0. I have found that the Windows App can't talk to the hosted components while the web server has the following GPO applied under active directory: "Deny access to this computer from the network". The Guests group is in this GPO. The IIS anonymous user IUSR_* is a member of this group. I have found two workarounds which do not involve changing the GPO's: 1) Remove IUSR_ from the Guests group (why is IUSR_ in this group?) 2) For this application hosted in IIS change the Anonymous Access Windows user account to a different user which isn't in the Guests group such as a domain user Can anyone tell me whether one of these solutions is less secure than the other? Thanks in advance John Tag: dos attacks : identical urls Tag: 386783
  - 12
    - Secure sub web, but not web root I've been asked to look at someones IIS issues and have found the following (IIS 6.0)... - The 'Default Web Site' is the company's external website - Within the default web they have sub webs for checking mail externally etc - The sub webs need to remain within a secure environment - The company's external website does not Can I remove the Default Web Site security so it does not require a certificate, but keep the subwebs using the certificate? Or would removing the certificate from the Default web automatically remove it from the subwebs? Moving the external website to a new web is not an option as getting the staff to know the difference between http and https is apparently a problem (i.e. they will simply want to type http://www.sitename.co.uk/exchange and get to the external web mail). I could write a script that simply redirects to https:// but this is hardly ideal. Tag: dos attacks : identical urls Tag: 386781
  - 13
    - Enable themes? Hi all I just put my new website (created with web express 2005) on my W2K3. I enabled asp 2.0 and enabled themes. How come I cannot see the themes? :( TIA Guy Tag: dos attacks : identical urls Tag: 386780
  - 14
    - ftp freezes on same file on w2k pro always Hi, I have FTP running on 2003 web edition. When trying to copy a file between it and a W2k pro machine (IE6) the damn thing always freezes after 10 seconds at the same point. The file is only 468kb. The same thing happens when using a command prompt to transfer. Anyone know why this happens or how to trouble shoot ? FTP connection from this server at customer sites seem to be fine. Any troubleshooting tips ? Thanks for any help Scott Tag: dos attacks : identical urls Tag: 386778
  - 15
    - Firewall exception for IIS ? Hi all I am running W2K3 When the firewall is on (Microsoft firewall) - the website does not display on external machines. Which exception should I add manually to the firewall? TIA Guy Tag: dos attacks : identical urls Tag: 386777
  - 16
    - Directory Securiy: UNCPassword and AuthFlags I am using the Altiris system management web service on IIS6.0. The Directory Security is fairly straightforward: all the virtual directories have Windows Integrated authentication, and some of them allow Anonymous. I need to change the authentication method to be Digest, so it can work across firewalls. When I remove WIA and add Digest, I am prompted by UNCPassword and AuthFlags inherited properties. My problem is that (it seems) if I say Yes, the wrong Anonymous settings are applied. If I say No, the changes I wanted to make are not applied. I have searched on AuthFlags and UNCPassword and I am none the wiser. What is the correct technique for adding or removing one authentication, without changing what is Anonymous or not? I want to leave the permissions in as much of a default state as possible. For example, if one virtual directory is inheriting security from another, I'd like to leave it inheriting even if I change the method used. Thanks, Anthony Tag: dos attacks : identical urls Tag: 386776
  - 17
    - unable to connect successfully to the destination server. My server (Win 2000 SP4, IIS,Virtual SMTP, no authentication needed) stopped delivering messages and messages sent by using ASP scripts are stuck in the queue folder. Later I get the following message, together with the undelivered message: This is an automatically generated Delivery Status Notification. Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server. the same script was working fine previously and now it is unable to send mail . also i ve checked the recipent domain thru telnet and i got the reponse from the destination server. also i ve enabled smtp loggging but i dont get any log messages why? Plz help me to resolve this issue becoz i am a newbie to these kind of issues . Thanks in advance. Tag: dos attacks : identical urls Tag: 386773
  - 18
    - Windows 2003 and IIS 6 This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C6C5D3.C8BB3080 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: quoted-printable Dear All, Recently, I am struggle from the IIS 6.0 high loading problem.The = w3wp.exe keep occupied a lot of memory and CPU resources, may I know are = there any utilities can help to find out what w3wp is busy on? Thank = you. Neo@theone ------=_NextPart_000_0008_01C6C5D3.C8BB3080 Content-Type: text/html; charset="big5" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dbig5"> <META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY> <DIV><FONT face=3DArial size=3D2>Dear All,</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Recently, I am struggle from the IIS = 6.0 high=20 loading problem.The w3wp.exe keep occupied a lot of memory and CPU = resources,=20 may I know are there any utilities can help to find out what w3wp is = busy on?=20 Thank you.<BR><BR>Neo@theone</FONT></DIV></BODY></HTML> ------=_NextPart_000_0008_01C6C5D3.C8BB3080-- Tag: dos attacks : identical urls Tag: 386772
  - 19
    - Urgent help needed Windows 2003 Server. IIS 6.0 Website is running in separate application pool. I keep getting timeout problem. and the CPU is max 25%. The calculation runs more than 15 minutes. I tried to check CPU monitoring option for the application pool and I set to MAX 100% CPU usage. It didn't help. CPU is still 25%. I didn't restart the server though. There is no time to rewrite the code to improve performance. Thanks -fj Tag: dos attacks : identical urls Tag: 386771
  - 20
    - IIS 6 404 Page not found error Hi all, I hope somebody has a solution to my problem. I'm running an ASP.NET 1.1 application that has no problems on W2000 servers. I was working with a client today and we can't get the application to run at all. He just setup a new W2003 Standard server. We installed IIS from the Windows CD. Then we installed the 1.1 Framework from Windows Update. I copied the ASP.NET application to a folder on C:\ of the intranet server. Then created a Virtual Directory pointing to the application. I made sure that the Framework was registered in IIS and that Default.aspx is listed in the Documents tab. For some reason we can't get the app to run on this particular server. I've run it in XP, Win 2003 SBS and Win 2000 Servers in that past without an issue. However today I checked a Win 2003 Standard R2 SP1 server in my office and the app won't run there either. We made sure that domainname\ASPNET account was configured and even gave explicit permissions to the account for the application folder. We can run iisstart.htm but cannot run the aspx files. Let me know if you need more information. Thanks Tag: dos attacks : identical urls Tag: 386769
  - 21
    - Re: Regards, laura.biding@ntlworld.com Tag: dos attacks : identical urls Tag: 386768
  - 22
    - Re: Regards, teresa.greene@bigfoot.com Tag: dos attacks : identical urls Tag: 386767
  - 23
    - Use global assembly cache for referenced assemblies I need some direction on how to configure IIS to use assemblies from the GAC instead of bin. I install assemblies in the GAC but IIS 6.0 doesn't find them. What's the secret? Many thanks... -- John H Clark www.weownit.coop Tag: dos attacks : identical urls Tag: 386764
  - 24
    - localhost v/s domain.name Hi I have implemented a webservice with windows authentication. It works when i call it as localhost/site/service.asmx but does not work as mysite.site.com/site/service.asmx ( authorisation failed) i have an entry in the host file for that domain. What do you think is the problem. Thanks all in advnace Tag: dos attacks : identical urls Tag: 386762
  - 25
    - ASP & ASP.NET beheave different depending on load order Hi, this is a weird behavior, and haven't seen any reference to this on google... I have a W2K Server machine, running IIS. On this IIS I have 5 different ASP applications, which all runned fine for years... Now, I installed an ASP.NET Web Services. The service works fine on the development machine, and worked fine the 1st time I runned it on the Server. BUT HERE'S THE PROBLEM: - I restart the server - IF I hit an ASP (plain ASP) application first, then the ASP.NET WebService, all applications work fine. - BUT I start the ASP.NET application first , then the ASP (plain ASP) application won't start. None of them work, but the WS. All ASP application show ADO error 0x80004005. I tried that restarting the server at leat 10 times. All times the behavior was the same: if ASP app was hit first, all worked fine, but wrong if the order was inverted. Any idea? WHAT should I do in order to load whatever necesary, as if the ASP app was hit first? (like simulate the hit, so all applications work as expected) Thanks in advance! Sebastian *** Sent via Developersdex http://www.developersdex.com *** Tag: dos attacks : identical urls Tag: 386756

How to eliminate a DOS attack that bombards a site with identical URL
requests ? ( for example: an URL that causes content to be retrieved from a
file , a web-service , a call to a sproc , or any other resource with a
relative high latency )

Is there a config or an add-on that will cause IIS to deny requests if too
many identical requests are queued ? (or the identical request has recently
occurred too frequently )

Top

Re: dos attacks : identical urls by Steven

Steven
Thu Aug 24 13:26:19 CDT 2006

Get yourself a router with anti-DOS/hammer support ;o) (my Netgear
(DG834Gv2) comes with that as standard and since I bought mine, the price
has dropped to around £50 or so)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

"John A Grandy" <johnagrandy-at-yahoo-dot-com> wrote in message
news:ec1$5m6xGHA.4232@TK2MSFTNGP05.phx.gbl...
> How to eliminate a DOS attack that bombards a site with identical URL
> requests ? ( for example: an URL that causes content to be retrieved from
a
> file , a web-service , a call to a sproc , or any other resource with a
> relative high latency )
>
> Is there a config or an add-on that will cause IIS to deny requests if too
> many identical requests are queued ? (or the identical request has
recently
> occurred too frequently )
>
>

Top