[WEB SECURITY] WASC-Articles: 'Preventing Log Evasion in IIS'
Bernard
bernard at mvps.org
Mon Aug 29 07:57:08 EDT 2005
Nice, just to add on: in IIS 6, it's not recommended to deploy Urlscan 2.5,
as some of the Urlscan features are built into IIS 6.0. E.g. for
MaxQueryString, you can set it via the following registry keys:
MaxFieldLength, UrlSegmentMaxLength, and UrlSegmentMaxCount
Refer
INF: Http.sys Registry Settings for IIS
http://support.microsoft.com/?id=820129
If you try to send more than the allowed limit, you will get
HTTP/1.1 414 Request-URI Too Long\r\n
logged in httperrX.log. Too bad the query itself is again not captured in the
log file.
Regards,
Bernard Cheah
http://www.msmvps.com/bernard/
----- Original Message -----
From: <contact at webappsec.org>
To: <websecurity at webappsec.org>
Sent: Monday, August 29, 2005 9:27 AM
Subject: [WEB SECURITY] WASC-Articles: 'Preventing Log Evasion in IIS'
> The Web Application Security Consortium is proud to present 'Preventing
> Log Evasion in IIS',
> written by Robert Auger. In this paper Robert describes an issue which
> allows an attacker
> to evade multiple aspects of logging within an IIS server environment, as
> well as how to
> remediate the problem.
>
> This document can be found at
> http://www.webappsec.org/projects/articles/082905.shtml .
>
> - articles_at_webappsec.org
> http://www.webappsec.org
>
> ------------------------------------------------------------------------------------
> Are you interested in writing a 'Guest Article' for the WASC? Additional
> information
> on article guidelines may be found at
> http://www.webappsec.org/projects/articles/. Inquires
> can be sent to articles_at_webappsec.org
>
> "Contributed articles may include industry best practices, technical
> information about
> current issues, innovative defense techniques, etc. NO VENDOR PITCHES OR
> MARKETING
> GIMMICKS PLEASE. We are only soliciting concrete information from the
> experts on the
> front lines of the web application security field."
> http://www.webappsec.org
> ------------------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>
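As an added example (not code from the original post or from the WASC article), here is a small parser for the http.sys error log that Bernard mentions, followed by a detection pass over it. The log is W3C-formatted, so the parser takes its column names from the #Fields directive rather than hard-coding positions. The sample lines are constructed, and the s-reason phrases used to flag limit violations (URL_Length, FieldLength, RequestLength) are an assumption based on the documented HTTP API reason list; check them against the header of your own httperrX.log. Note that, as the post says, only the status and reason survive: the offending query string is not in the record.

```python
"""Parse an http.sys error log (httperrX.log, W3C format) and flag clients
whose requests were rejected by the kernel-mode size limits (e.g. HTTP 414).

Such requests never reach the IIS site log, so this file is the only trace."""
from collections import Counter

# Constructed sample, not a real capture. The #Fields list is the one the
# HTTP API writes; the s-reason values are assumed from Microsoft's reason
# phrase documentation (verify against your own log header).
SAMPLE_HTTPERR_LOG = """\
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2005-08-29 11:57:08
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2005-08-29 11:57:10 192.0.2.10 1034 198.51.100.5 80 HTTP/1.1 GET /default.aspx 414 1 URL_Length DefaultAppPool
2005-08-29 11:57:11 192.0.2.10 1035 198.51.100.5 80 HTTP/1.1 GET /default.aspx 414 1 URL_Length DefaultAppPool
2005-08-29 11:57:12 192.0.2.10 1036 198.51.100.5 80 HTTP/1.1 POST /login.aspx 400 1 FieldLength DefaultAppPool
2005-08-29 11:58:00 192.0.2.44 2201 198.51.100.5 80 - - - - - Timer_ConnectionIdle -
"""

# Reason phrases that indicate a request-size limit was tripped (assumed set).
LIMIT_REASONS = {"URL_Length", "FieldLength", "RequestLength"}


def parse_httperr(text):
    """Return one dict per log entry, keyed by the names in the #Fields line.

    Directive lines (starting with '#') are consumed for their field list and
    otherwise skipped; entries that appear before any #Fields directive or
    whose column count does not match are dropped as malformed."""
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue
        records.append(dict(zip(fields, values)))
    return records


def limit_hits(records):
    """Entries rejected by http.sys size limits; nothing about the payload
    itself (query string, header values) is available in these rows."""
    return [r for r in records if r["s-reason"] in LIMIT_REASONS]


def hits_per_client(records):
    """Count limit rejections per client IP (c-ip)."""
    counter = Counter()
    for r in limit_hits(records):
        counter[r["c-ip"]] += 1
    return counter


def suspicious_clients(records, threshold=2):
    """Client IPs with at least `threshold` limit rejections, sorted."""
    return sorted(ip for ip, n in hits_per_client(records).items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_httperr(SAMPLE_HTTPERR_LOG)
    for r in limit_hits(recs):
        print(f"{r['date']} {r['time']} {r['c-ip']} {r['cs-method']} "
              f"{r['cs-uri']} {r['sc-status']} {r['s-reason']}")
    print("clients over threshold:", suspicious_clients(recs))
```

Run it against a real httperrX.log by passing the file's contents to parse_httperr(); because the column names come from the #Fields directive, a log with a different field order still parses. The threshold in suspicious_clients() is a starting point for review, not a verdict.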