????? IIS ???????? URLscan ?? ???? Exchange

?????? ????????? ?????? ?????????
???? ???????: 309508 - ??? ???????? ???? ????? ????? ??? ???????.
????? ???? | ?? ????

?? ??? ??????

???????

?????? ???? ??? ??????? ?????? ?? Exchange 2000 ??? Exchange Server 5.5 ??? ????? IIS ????? ???? ??????? 1.0. ???? Microsoft ?????? ???? ????? ?? "???? ????? IIS:
http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-bb30-47eb-9a61-fd755d23cdec&DisplayLang=en
?????? ??? ??????? ??????? ???? ??? ??? ??????? ????? ?????? ?? "????? ??????? ?? Microsoft:
309677XADM: ????? ??????? ' ? ' ??? ??? ??? ??????? ????? IIS Lockdown ?? ???? 2000 Exchange
???? ????? ??????? ?????? (IIS) ????? IISlockD ? URLscan ? ??? ????? ???? ????? ?? Exchange. ???? ??? ??????? ????? ????? ?? ??? ??? ??????? ?? Exchange 2000 Server ???? Exchange Server 5.5. ????? ????????? ????? ??? ????? ?? IISlockD ?????? URLscan:
  • Microsoft Outlook Web Access (OWA). ?? ???? ????? ????? ?????? ??? OWA ? ????? ??????? ????? ??????, ? ? ???? ??????? ??????. ???????? ??? ???? ??? ????? ?????? ??? ?????? ?????? ??? OWA ?? ?????? ??? ???? Exchange 2000 ?? ????? ????? ????? ???????:
    ??? ??? ?? ??? ???????.
    ?? ???? ?????
    ??: 878
    ???: ?????? ????? ?? ?????? ??????? ??????? ????????
  • ????? ???? Exchange. ??? ?????? ???? ?????? ???? ?????? ??????? ?? "????? ???? Exchange ?? ????? ????? ????? ???????:
    ?????? ??? ?????. ???? F5 ????? ????? ????? ??? ????.
    ?????? ???: 80040e19
    ????? ???? Exchange
  • ????? ???? Exchange. ??? ?????? ????? ???? ?????? ??????? ?? "????? ???? Exchange ?? ????? ????? ????? ???????:
    ???? ??????? ???? ??? ????? ?? ????. c1030af2
  • ????? ??????? ???????. ?? ????? ????? ????? ??????? ??? ?????? ????? ?????? ??? "??????? Exchange ???????":
    ????? ?????? ??? Microsoft Exchange ??????? ???????? ??????? ??? ?????? ??? ?????? ??????. ?????? ???????? ??? ???? ??????.

?????

???? ?? ???? ??? ??????? ??? ??????? ????????? IISlockD ?????? ?????? URLScan ????? ?? ?????? ?? ???? ????? ???? ???. ?????? Exchange 2000 ?????? ??? ? ??????? (WebDAV) ???????? ?????? ?????? ??????? ???????? ??? ???? ??????? (HTTP) ??? ????? ??? ?? ??? ??????? ?????????. ?????? ?????? Exchange Server 5.5 ????? ?????? ?????? (ASP) ???? ??? ????? ???? ???????.

????

?????? ??? ??? ????????? ?????? ??? ??????? ??? ?????? ????? ??. ??? ????? ?????? Exchange 2000 Server ? Exchange Server 5.5 ????? ???? ???? ???? ?? ???? ???? ????????? ?????? ???? ?? ??? ?????. ??? ???? ??????? ???? ????????? INI URLscan ????? IIS. ??? ??? ?????? ?????? "DenyExtensions" ?? ????????? INI ????? ????? ?????? ??? ????????? ??? IIS ?? ???? ??????? ???? ??????? ??? ????? .HTM ?? .HTML ?????.

????? IIS ??? ?????? Exchange 2000

?? ????? Exchange 2000 ?? ????? ???? ????? Exchange ????? ?????? ??????? ?????? (IFS) ????? ?????? ??????? ???????? (????? ???? ??????? M). ???????? ?????? ????? ??? ?????? Exchange 2000:
  1. ????? IISlockD.exe.
  2. ???? ??? ????? ?????? ?? ???? ??? ??????.
  3. ??? ??? ???? ?????? ????? ??????? ??????? ??????:
    1. ??? ??? ????? ????? ?????? ?????? ?????? (.asp) ????? ???? ???????? OWA ???? ??????? ?? ???? ???? ? ?? ???? ???? ????? ??????. ???? ??????? ????? ??????? ??????? ?????? ???? ???? ??????? ??? ??????? ????? ??? ????? ?? ?????? ?????:
      288119XWEB: ????? ????? ?? ??????? ???????? ?? OWA
      ????? ????? ?????? ?????? (ASP) ??? ????? ????? ????? ????? ?????? ????? ???????? WAV ????? ??????.
    2. ??? ?? ????? ???? ???????? ????? ??? .HTR ??????? ?????? (.htr) ?? ???? ???? OWA ????? ???? ??????. ?? ????? ??? ?????? OWA ???? ???????. ???? ??? ??????? ??????? ????? ?????? ??????? ??? ????? ???? ????? ???? ?????? ?? OWA:
      297121XWEB: ????? ????? ?? ????? ???? ?????? ??? ???? ?????? ?????? ??? Outlook
  4. ???? ??? ??????.
  5. ??? ??? ???? ?????? ??????? ????? ??????:
    1. ???? ?????? ????? "??????? ?????" ??????? ?????? ??????? (WebDAV) ???? ????????.
    2. ???? ?????? ????? ????? ?????? ??????? ???? ?????????? ????????? IIS ?? ??????? ??? ??????? ??????? ???? ????????. ?????? ??? ????? IIS ???????? ???? ?? ??????? ??? IFS Exchange.
  6. ???? ??? ?????? ?? ???? ??? ??? ?????? ????? ?????.
?????? ?????? ??????? ???????? ??????? IIS ??????, ????? ????? ???? ??? ???? Access ?????? (ACE) ?? ??????? ??? ???????? ?? ??? ?? ???? IIS ???????:
  1. ??? ????? ???? ?????? ????? ????? ?????? ???????? ?? Microsoft (MMC).
  2. ???? ??? ?????? ???? ??? ?????????.
  3. ??? ???? ?????:
    1. ???? ??? ????? ???? ????? ?? ???? ??? ?????? ?????? ??? ?????? ??????? ?? ???? ??? ?????.
    2. ?? ????? ??????? "?????? ???????" ? ???? ???? ????.
    3. ?????? ?????? Microsoft Windows ??? ?? ???? ???? ?????? ???? ????.
    4. ???? ??? ?????? ?????? ??? ?????? ?? ???? ??? ?????.
    5. ???? ??? ????? ??????? ????.
    6. ???? ??? ?????.
    7. ???? ?????? ?????? "?????????? ?????????" _Web_Web ??????? ?? ???? ??? ?????.
    8. ???? ??? ?????? ???? _Web "?????????? ?????????" ??? ?? ??? ACE ?????? ??????.
    9. ???? ??? ?????? ???? _Web ??????? ??? ?? ??? ACE ?????? ??????.
  4. ??? ?????? 3 ??? ???? ????? ???????? ?????? ???????? Exchange ? Exadmin.

IIS Lockdown ??? Exchange Server 5.5 ???????

??????? ???? ????? ??? ????? ??????? Exchange Server 5.5:
  1. ??? ????? IISlockD.exe.
  2. ???? ??? ????? ?????? ?? ???? ??? ??????.
  3. ??? ??? ???? ?????? ????? ??????? ??????? ??????
    1. ???? ?????? ????? ???? ???????? ????? ????? ?????? ?????? ?????? (.asp).
    2. ??? ?? ????? ???? ???????? ????? ??? .HTR ??????? ?????? (.htr) ?? ???? ???? OWA ????? ???? ??????. ???? ??? ??????.
  4. ??? ??? ???? ?????? ??????? ????? ??????.
  5. ???? ??? ?????? ?? ???? ??? ??? ?????? ????? ?????.
??? ??? ?????? ?????? ???? IIS Lockdown ????? ???? Exchange Server 5.5 OWA ?? ???? ???????? ??????? ???????? ?????:
  • OWA:
    1. ??? ????? ????? ????? ??????.
    2. ???? ??? ????? ???? ??? ????????? ?? ???? ??? ?????? ?????? ??? ?????? ??????? Exchange ?? ???? ??? ?????.
    3. ???? ??? ????? ??????? ?????? ??????? ?? ???? ??? ?????.
    4. ???? ??? ????? .ASP ?? ???? ??? ?????. ???? IIS Lockdown ?????? ??? ??????? 404.dll. ????? ??????? ??? asp.dll. ??? ????? ????????? ???? ???? ????? ??????? Microsoft Windows NT 4.0 ????? "PUT DELETE" ??? ???? ????????? ?????. ??? ????? ????????? ???? ???? ????? ??????? Microsoft Windows 2000 ???? ?? ????? ???? ???????? ????? ??? ?? ????? ???? ????? ??? "GET ? HEAD, POST, TRACE".
    5. ???? ??? ????? ?????? ???????.
  • ????? ???? ??????:
    1. ????? ????? ???? ????? Iisadmpwd ?? ????.?????? ??? ??????? ?????? ??? ????? ????? ????? ???? ????? Iisadmpwd ???? ??? ??? ??????? ????? ?????? ?? "????? ??????? ?? Microsoft:
      301428??????? ??????? ???????? ?? Outlook Web Access ?? ????? IIS
    2. ?????????? ??? ????? ????????? ?????? ".htr" ?????. ??????? ????? ????? ".htr":
      1. ??? ????? ????? ????? ??????.
      2. ???? ??? ?????? ?????? ??? ???? ??? ????????? ?? ???? ??? ?????.
      3. ???? ??? ????? ??????? ?????? ??????? ?? ???? ??? ?????.
      4. ???? ??? ????? .htr ?? ???? ??? ?????. ???? IIS Lockdown ?????? ??? ??????? 404.dll. ????? ??????? ??? ism.dll.
      5. ???? ??? ????? ?????? ???????.

URLscan ??? ?????? Exchange 2000

?????? ??? ???? ?? ????????? ??? ??????? Exchange 2003 ? URLscan ???? ??? ??? ??????? ?????? ?????? ?? "????? ??????? ?? Microsoft:
823175???????? ???????? ? fine-tuning ??? ??????? ?????? ???????? Urlscan ?? ???? Exchange 2003
????? ??? ?????? ??? ????? ????? URLscan ???????? ???????:
  • owa
  • ????? ???? Exchange
  • ????? ????????? ???????
  • ?????? ???
?????? ?????? ??? ??? ????? ?????? DenyUrlSequences ??? ??? URLScan.ini ?? ?? ????? ??? ????? ?????? ?????? Access ??? ?? Outlook (OWA) ??? ??? ??? ??????? ?? ????? ?????? ????? ??? ??? ?????? ??????. ??? ??? ????????? ?????? ??? ????? URLscan ?? ?????? %windir%\system32\inetsrv\urslscan ?????? ??? ?????? ?? ?? ??? ????????.

?? ???? ????? ????? ?????? ??? ???? ???? ????? ??? ??? ????? ??????? ?????? ?? ?? ???? ???????? ???? ???????.

???? ??? Urlscan.ini ?? ?????? ??????:
windir\System32\Inetsrv\Urlscan
????? ????? Urlscan.ini ???????? ??? ??? ????????? Exchange.

??? ?????? ?????? ???? ??? ?????? ????? HTTP ?? ????? URLScan ? ???? ?? ??? Urlscan.log ?????? ??? ??????? ?? ????? ??? ???. ?????? ????????? ???? Urlscan.log:
windir\System32\Inetsrv\Urlscan

owa

??? ??????? URLscan OWA ??? ??? (?? ???? ??? "????? ???? ??????" ????? ??? ????? ???? ????? ".htr" ?? ?????? ?????? ?????):
[????????]
UseAllowVerbs = 1
UseAllowExtensions = 0
NormalizeUrlBeforeScan = 1
VerifyNormalization = 1
AllowHighBitCharacters = 1
AllowDotInPath = 1
RemoveServerHeader = 0
EnableLogging = 1
PerProcessLogging = 0
AllowLateScanning = 0

[AllowVerbs]
??????
???
?????
?????????
propfind
bmove
bcopy
????????
???
proppatch
bproppatch
???
bdelete
mkcol

[DenyVerbs]

[DenyHeaders]
???:
??? ???????:

[DenyExtensions]
.asp
.cer
.cdx
.asa
.exe
.bat
.cmd
.com
.htw
.ida
.idq
.htr
.idc
.shtm
.shtml
.stm
.printer
&.ini &
.log
.pol
.dat

[DenyUrlSequences]
..
./
\
%
&

????? ???? Exchange ????? ?????? ???????

??? ??????? URLscan ?? "????? ???? Exchange ????? ???????? ???????? ??? ???:
[????????]
UseAllowVerbs = 1
UseAllowExtensions = 0
NormalizeUrlBeforeScan = 1
VerifyNormalization = 1
AllowHighBitCharacters = 1
AllowDotInPath = 1
RemoveServerHeader = 0
EnableLogging = 1
PerProcessLogging = 0
AllowLateScanning = 0

[AllowVerbs]
propfind
?????
proppatch
???
mkcol
???
????
??????

[DenyVerbs]

[DenyHeaders]
???:
??? ???????:

[DenyExtensions]
.asp
.cer
.cdx
.asa
.exe
.bat
.cmd
.htw
.ida
.idq
.htr
.idc
.shtm
.shtml
.stm
.printer
&.ini &
.log
.pol
.dat
?????? ????? ????? .com ??? ????? DENYEXTENSIONS ??? ????? ?????? ?? ????? ??? ??? ???? (DNS). com.
[DenyUrlSequences]
..
./
\
%
&

????? ????????? ???????

??? ??????? URLscan "???????? ???????" ??? ???:
[????????]
UseAllowVerbs = 1
UseAllowExtensions = 0
NormalizeUrlBeforeScan = 1
VerifyNormalization = 1
AllowHighBitCharacters = 1
AllowDotInPath = 1
RemoveServerHeader = 0
EnableLogging = 1
PerProcessLogging = 0
AllowLateScanning = 0

[AllowVerbs]
????????
????? ????????
??????????
?????
?????????
propfind
proppatch
acl

[DenyVerbs]

[DenyHeaders]
???:
??? ???????:

[DenyExtensions]
.asp
.cer
.cdx
.asa
.exe
.bat
.cmd
.com
.htw
.ida
.idq
.htr
.idc
.shtm
.shtml
.stm
.printer
&.ini &
.log
.pol
.dat

[DenyUrlSequences]
..
./
\
%
&

?????? ???

??? ??????? URLscan ??????? ??? ??? ???:
[????????]
UseAllowVerbs = 1
UseAllowExtensions = 0
NormalizeUrlBeforeScan = 1
VerifyNormalization = 1
AllowHighBitCharacters = 1
AllowDotInPath = 1
RemoveServerHeader = 0
EnableLogging = 1
PerProcessLogging = 0
AllowLateScanning = 0

[AllowVerbs]
??????
propfind
???
bcopy
???
bdelete
mkcol
??????
?????
????? ?????
???

[DenyVerbs]

[DenyHeaders]
?????:
???:
??? ???????:

[DenyExtensions]
.asp
.cer
.cdx
.asa
.exe
.bat
.cmd
.com
.htw
.ida
.idq
.htr
.idc
.shtm
.shtml
.stm
.printer
&.ini &
.log
.pol
.dat

[DenyUrlSequences]
..
:
./
\
%
&

??????? WebDAV ?????

?? ?? ?? ?????? ??? ????? ????? ?? ??????? ??? ???? Exchange 2000 ?????? ??? ????? ??????? DAV ?????????. ????? ??? ??????? ??? ???? AllowVerbs ??? ????? URLscan ?????? ??? ????? ??? ???????? ???? ?????? ?????? ??????.

URLscan ??? Exchange Server 5.5 ???????

?????? ?????? ??? ??? ????? ?????? DenyUrlSequences ??? ??? URLScan.ini ?? ?? ????? ??? ????? ?????? ?????? Access ??? ?? Outlook (OWA) ??? ??? ??? ??????? ?? ????? ?????? ????? ??? ??? ?????? ??????. ??? ??? ????????? ?????? ??? ????? URLscan ?? ?????? %windir%\system32\inetsrv\urslscan ?????? ??? ?????? ?? ?? ??? ????????.

??? ??????? URLscan OWA ??? ??? (?? ???? ??? "????? ???? ??????" ????? ??? ????? ???? ????? ".htr" ?? ??????? ?????? ?????):
[????????]
UseAllowVerbs = 1
UseAllowExtensions = 0
NormalizeUrlBeforeScan = 1
VerifyNormalization = 1
AllowHighBitCharacters = 1
AllowDotInPath = 0
RemoveServerHeader = 0
EnableLogging = 1
PerProcessLogging = 0
AllowLateScanning = 0
AlternateServerName =

[AllowVerbs]
??????
???
???

[DenyVerbs]
propfind
proppatch
mkcol
???
???
????
???
?????
????? ?????

[DenyHeaders]
?????:
???:
??? ???????:

[DenyExtensions]
.exe
.bat
.cmd
.com
.htw
.ida
.idq
.idc
.shtm
.shtml
.stm
.printer
&.ini &
.log
.pol
.dat
.htr

[DenyUrlSequences]
..
./
\
:
%
&

???????

???? ???????: 309508 - ????? ??? ??????: 10/???? ?????/1428 - ??????: 6.5
????? ???
  • Microsoft Exchange Server 2000 Service Pack 1
  • Microsoft Exchange Server 5.5 Standard Edition
  • Microsoft Exchange 2000 Enterprise Server
????? ??????: 
kbmt kbprb KB309508 KbMtar
????? ????
???: ??? ????? ??? ?????? ???????? ?????? ????? ???? ????? ?????????? ????? ?? ????????? ?????? ????. ???? ???? ?????????? ???? ?? ???????? ???????? ?????? ????????? ????? ????????? ???????? ????? ???????? ?????? ?? ?????? ??? ?? ???????? ???????? ?? ????? ??????? ?????? ??? ??????? ?????? ??. ?????? ?? ???? ??? ??????? ???????? ????? ?? ???? ????? ?????? ??? ????? ??? ????? ??????? ?? ????? ?? ?????? ??? ??? ??????? ??????? ?? ????? ????? ????? ????? ?????. ?? ????? ???? ?????????? ??????? ??? ????? ?? ??????? ?? ????? ?????? ?? ??? ????? ?? ????? ??????? ?? ???????? ?? ??? ???????. ???? ???? ?????????? ???????? ??? ????? ?????? ??????? ??????
???? ??? ????? ??????? ?????? ??????????309508

????? ???????

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com