????? ??????? URLScan ?? FrontPage 2000

?????? ??? ???? ???? ????? ????? ???????? ??? ????? ???? URLScan ?? Microsoft ????? ??????? ?????? (IIS). ????? ????? URLScan ?? ???? Microsoft ??? ????? ???????? ??????? ???????? ?? ??? ???????. ??? ????? URLScan ????? ???? ?????? ???? ???.

????? ?????? URLScan

????? ????? ????? ?? ????? ?? ????? ????? ??? ?? ????? ????? ? ??? ????? ?????? ??? ???? ???. ????? ?????? ???? URLScan ????? ?????? ??? ???? ??? ??????. ?????? ??? ?????? ???????? URLScan ?? ?????? ???? Microsoft ?????? ??? ?????:

????? ??? ??????? URLScan ?????????

??? ?? ?????? ??????? ????????? URLScan ?? ????? FrontPage ? ????? ??? ????? ??????? ??? ???? FrontPage "???? ???? ???? ??? ??? ?????? ??? ??????? FrontPage ??????. ??????? ??????? ??? ??????. ?????? ??? ??????? ?????? ??? ??????? URLScan ???? ??? "References" ?????? ?? ??? ???????.

1. ???? ??? ?????? ?????? ??? ???? ?? ???? ??? ???????. ??? ???? ?????? ??????:
   %windir%\system32\inetsrv\urlscan
   ??? ?? %windir% ???? Windows (??? ???? ??????? C:\Windows ?? C:\Winnt).
2. ???? ??? ?????? ?????? ??? ????? Urlscan.ini ?? ???? ??? ???. ???? ??? ?????? ?????? ??? ?????? ?? ???? ??? ???. ??? ????? ??? Urlscan.ini ???? ????? ??????.
3. ???? ????? ??????? ??? ????? Urlscan.ini. ??? ??? ????? ?? "???????".
4. ?? ?????? ????????? ???????:
   1. ?? ?????? [??????] ? ?? ?????? ????? ???????:

      [options]
      UseAllowVerbs=1          ; use the [AllowVerbs] section
      UseAllowExtensions=0     ; use the [DenyExtensions] section
      NormalizeUrlBeforeScan=1 ; canonicalize URL before processing
      VerifyNormalization=1    ; canonicalize URL twice, reject on change
      AllowHighBitCharacters=0 ; deny high bit (UTF8 or MBCS) characters 
      AllowDotInPath=0         ; deny dots in path
      EnableLogging=1          ; log activity
      PerDayLogging=1          ; change log files daily
      PerProcessLogging=0      ; do not change log files by process ID
      RemoveServerHeader=0     ; do not remove "Server" header
      AlternateServerName=
      UseFastPathReject=0      ; use RejectResponseUrl or log the request
      RejectResponseUrl=
      AllowLateScanning=1      ; allow URLScan to be loaded low priority
      						

   2. ?? ?????? [AllowVerbs] ? ?????? ????? ??????? ???. ?? ??? ?????? ??? ????.

      [AllowVerbs]
      GET     ; allow GET (most Web requests)
      HEAD    ; allow HEAD requests
      OPTIONS ; allow OPTIONS (Web Folders need this)
      POST    ; allow POST (FrontPage Server Extensions and HTML forms need this)
      						

   3. ?? ?????? [DenyHeaders] ? ?????? ????? ??????? ???. ?? ??? ?????? ??? ????.

      [DenyHeaders]
      If:         ; deny (used with WebDAV)
      Lock-Token: ; deny (used with WebDAV)
      						

   4. ?? [DenyExtensions] ?????? ????? ????? ???????:

      [DenyExtensions]
      .asa     ; deny active server application definition files
      .bat     ; deny batch files
      .btr     ; deny FrontPage dependency files
      .cer     ; deny x509 certificate files
      .cdx     ; deny dynamic channel definition files
      .cmd     ; deny batch files
      .cnf     ; deny FrontPage metadata files
      .com     ; deny server command-line applications
      .dat     ; deny data files
      .evt     ; deny Event Viewer logs
      .exe     ; deny server command-line applications
      .htr     ; deny IIS legacy HTML admin tool
      .htw     ; deny Index Server hit-highlighting
      .ida     ; deny Index Server legacy HTML admin tool
      .idc     ; deny IIS legacy database query files
      .inc     ; deny include files
      .ini     ; deny configuration files
      .ldb     ; deny Microsoft Access Record-Locking Information files
      .log     ; deny log files
      .pol     ; deny policy files
      .printer ; deny Internet Printing Services
      .sav     ; deny backup registry files
      .shtm    ; deny IIS Server Side Includes
      .shtml   ; deny IIS Server Side Includes
      .stm     ; deny IIS Server Side Includes
      .tmp     ; deny temporary files
      						

   5. ?? ?????? [DenyUrlSequences] ? ?? ?????? ????? ???????:

      [DenyUrlSequences]
      ..         ; deny directory traversals
      ./         ; deny trailing dot on a directory name
      \          ; deny backslashes in URL
      :          ; deny alternate stream access
      %          ; deny escaping after normalization
      &          ; deny multiple CGI processes to run on a single request
      /fpdb/     ; deny browse access to FrontPage database files
      /_private  ; deny FrontPage private files (often form results)
      /_vti_pvt  ; deny FrontPage Web configuration files
      /_vti_cnf  ; deny FrontPage metadata files
      /_vti_txt  ; deny FrontPage text catalogs and indices
      /_vti_log  ; deny FrontPage authoring log files
      						

   6. ????? ??? ?? ?????? ??? ????????? [DenyVerbs] ??? ????? ??????? [AllowExtensions] ??????? ?? ??? ??? ??????? ?? ??? ???????. ????? ?? ????????? ??? ??? ??????? ?? ??? ??????? "? ???? ??? ??? ??????? ?????? ?????? ??" ????? ??????? ?? Microsoft:
      307608

      (http://support.microsoft.com/kb/307608/ )

      ???????? URLScan ??? IIS
5. ??? ????? ?? ?????? "???????".

????? ?????? URLScan (???????)

???????? ?????????? ???? URLScan ?? IIS ????. ?? ?????? ??? ?????? ?????? ?? ????? ??????? ?????? ?????? ???? ??????? ??????? ????? (ISAPI) "???? ????? ??? ????? ?????? ??? ?? ??? ??????? URLScan. ???? ????? ISAPI ?????? ???? FrontPage (Fpexedll.dll) ?? ???? ???????. ??? ????? ?? ?? ????????? ?? ??? ????? ???? ??? ??????? ????? ????? URLScan ????? ??? ???? ????? ISAPI Fpexedll.dll ? ????? ?????? ?????? ??? ??????? ?????? URLScan ?? ????? ????? ISAPI ??????. ????? ?? ?????????? ???? ????? ????? ????? ISAPI ???? ???????.

?????? ??? ?? ????? ?? ????? ??????? ?????? ????? ??? ????? ???? ???? ?? AllowLateScanning = 1 ??????? ?? ????? Urlscan.ini ????? URLScan ????? ????? ?????? ??????. ?????? ????? ???? ??????? ?? ??? "Modifying the default URLScan configuration file" ?? ??? ???????.

1. ??? ????? ????? ????? ??????. ?????? ????? ???? ??????? ???????? ????? IIS:
   • ?? IIS 4.0:
     1. ?? ??????? ???? ? ???? ??? ??????? ?? ???? ??? Windows NT 4.0 Option Pack.
     2. ???? ??? ???? ??????? ?????? Microsoft.
     3. ??? ????? ????? ??????.
   • ?? IIS 5.0:
     1. ?? ??????? ???? ? ???? ??? ??????? ?? ???? ??? ????? ??????.
     2. ??? ????? ????? ??????.
   • ?? IIS 5.1:
     1. ??? ??????? "????" ? ???? ??? "???? ??????".
     2. ???? ????? ??????? ??? ????? ??????.
     3. ???? ????? ??????? ??? ????? ??????? ??????.
2. ???? ??? ?????? ?????? ??? ???? ????????? ?? ???? ??? ?????.
3. ??? ?????? ????? ???? WWW ???????? ?? ???? ??? ???? ?????.
4. ???? ??? ????? ??????? ????? ????? ISAPI.
5. ???? ??? UrlScan ?? ???? ??? ???? "?????" ?????? UrlScan ????? Fpexedll.dll.
6. ???? ??? ?????.
7. ???? ??? ????? ??? ????.

????? ????? IIS ?????? URLScan

??? ??? ????? IIS ??? ?????? ??? ??????? URLScan ????? ????????? ?? ??? Urlscan.ini. ????? ??? ????? ????? IIS ??? ???? ??????? ??????? ??????? ????? ???????. ?????? ????? ???? ??????? ???????? ????? IIS:

• ?? IIS 4.0:
  1. ?? ???? ???????? ???? ????? ??????:
     STOP NET /Y "???? ????? IIS"
  2. ??? ??? ??? ?????? ?? ??????? ??????? ???????? ??? ?? ??????? ????? ????? ???? ????? ????? ????? ??? ??????? ??????.
  3. ????? ????? ??????? ???????
     ?? ????? ???? ???? ????? IIS ?????.
     ????? ????? ???? IIS ?? ???. ?????? ????? ???? ??????? ??????? ?? ???? ??????? ????? ??? ??????? ENTER ??? ?? ???:
     ??? NET "??? ???? ?????"
     ??? NET "Simple Mail ???????? ????? (SMTP)"
     ??? NET "???? ????? FTP"
     ??? NET "???? ????? ?????? IIS"
  4. ???? ???? ???????.
• ?? IIS 5.0:
  1. ???? ??? ?????? ?????? ??? ??? ?????? ??? ?? ???? ??? ????? ????? IIS.
  2. ???? ??? ????? ????? ????? ?????? ??? Your Computer.
  3. ???? ??? ?????.
• ?? IIS 5.1:
  1. ???? ??? ?????? ?????? ??? ???? ????????? ? ??? ??? ???? ?????? ?? ???? ??? ????? ????? IIS.
  2. ???? ??? ????? ????? ????? ?????? ??? Your Computer.
  3. ???? ??? ?????.

??????? ??????? ????????

• ???? ????????? ???????? ?? ??? "Modifying the default URLScan configuration file" ?? ??? ??????? ?? EnableLogging = 1 ??????? ?? [??????] ?????? ?? ????? Urlscan.ini. ???? ??? URLScan ???????? ??? ???? URLScan ???? ??? ?????. ??? ??? ??? ????? ??? ?? ??? ?????? ??? ????? Urlscan.dll. ??? ?????? ??? ?????? ???????? FrontPage ?? ?????? IIS ??????? ????? ????? URLScan ?????? ???? ????????? ?? ??? ????? ?????? ??? ??????? ??? ??? ????? ??.
• ??? ??? ?????? ??????? ?????? ??? ??? Urlscan.ini ?????? ??? ????? Urlscan.ini ????? ??????? Urlscan.001 ? Urlscan.002 ? ?? ???? ??? ? ???? ???? ???? ??????? ?????????? ???? ???????. ????? ??? ?? ??? ????? ????? ??? ??? ?????? ????? ????? ???? ????.
• ?? ???? ?? ???? ?? ????????? ???? ?????? ??? URLScan ????? ??????? ? ??? ??????? ??? ????? ????? ????? IIS. ??? ??? ????????? ?? ???? ?? ???? ????? ??????? ? ????? ????? ???? ???.

?????? ??? ???? ?? ????????? ??? ????? ????? ???? URLScan ???? ??? ????? ???????? ??????? ?????? ?? "????? ??????? ?? Microsoft: