IMHO, running URLSCAN on an E2K OWA server is a losing proposition. You
have to open so much up that URLSCAN basically isn't doing anything.

I just talked to a MS guy (he did PSS support for IIS) at a security
class. He seemed pretty adamant that there was a way to use URLSCAN with
100% non-interference with OWA. He's supposed to be sending docs. I'll
post whatever he sends.

For my money, run IIS lockdown (follow the OWA server template), but
turn off URLSCAN. Also, most importantly: KEEP THE SERVER PATCHED!!!!


-----Original Message-----
From: Martin, Jon [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 16, 2003 7:20 PM
To: Exchange Discussions
Subject: OWA and URLScan-Blocked Special Characters


OK, we all know that when you run Urlscan on an Exchange server that you
will not be able to view certain notes in OWA, specifically those notes
with special characters in the subject line. The special characters are
below, along with the reason, according to MS documentation, that these
should be blocked.

..      Allows directory traversals
./      Allows trailing dot on a directory name
\       Allows backslashes in URL
%       Allows escaping after normalization
&       Allows multiple CGI processes to run on a single request


My management wants these characters unblocked. To prevent this I need a
better understanding of what potential problems are being prevented by
the disabling of these characters. The above explanation in the MS
documentation is probably not going to be sufficient. 

Does anyone have a more detailed explanation of the possible exploits
being blocked by disabling these characters?

Thanks.


Jon Martin



_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface:          http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
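A worked illustration of what each denied sequence in the list above guards against, and why ordinary OWA item URLs collide with the same rules. This is an added example, not code from the thread and not URLScan or Microsoft code: it models URLScan's documented behaviour only as far as the thread discusses it (percent-decode the URL once, then search the decoded string for each denied sequence). The mailbox paths and subjects in the sample requests are constructed, and the rule wording is taken from the sample urlscan.ini quoted in the message.

```python
"""Illustrative model of URLScan's [DenyUrlSequences] check.

Added example, not URLScan or any Microsoft code. It follows the documented
behaviour as far as this thread is concerned: the request URL is
percent-decoded once (NormalizeUrlBeforeScan=1) and the decoded string is
then searched for each denied sequence. Everything else URLScan does (verb,
extension, header and length checks) is deliberately left out.
"""
from urllib.parse import unquote

# Denied sequence -> what it enables if left unfiltered. The list and the
# wording come from the sample urlscan.ini quoted in the thread.
DENY_URL_SEQUENCES = {
    "..": "directory traversal",
    "./": "trailing dot on a directory name",
    "\\": "backslash in URL",
    "%": "escaping after normalization (a second encoding layer)",
    "&": "multiple CGI processes to run on a single request",
}


def normalize(url: str) -> str:
    """Decode %XX escapes once, as URLScan does before scanning.

    A request that was double-encoded on purpose (%255c for a backslash)
    still contains a literal '%' after this single pass.
    """
    return unquote(url)


def double_decode(url: str) -> str:
    """What a server that decodes twice would see (the bug the '%' rule guards)."""
    return unquote(unquote(url))


def scan_url(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one request URL."""
    decoded = normalize(url)
    for seq, why in DENY_URL_SEQUENCES.items():
        if seq in decoded:
            return False, f"{seq!r} denied: {why}"
    return True, "ok"


# Constructed sample requests (hypothetical mailbox paths, not real traffic).
SAMPLE_REQUESTS = [
    # attacks each rule is meant to stop
    "/exchange/..%2f..%2fwinnt/system32/cmd.exe?/c+dir",   # traversal after decode
    "/scripts/%255cwinnt/system32/cmd.exe",                # %255c -> %5c -> '\' on a 2nd decode
    "/exchange\\jon\\Inbox",                                # backslash path separator
    # ordinary OWA items that trip the same rules
    "/exchange/jon/Inbox/Q&A%20notes.EML",                 # subject contains '&'
    "/exchange/jon/Inbox/50%25%20off%20sale.EML",          # subject contains '%'
    "/exchange/jon/Inbox/weekly%20notes.EML",              # harmless, passes
]


def report() -> list[tuple[str, bool, str]]:
    """Scan every sample and return (url, allowed, reason) rows."""
    return [(u, *scan_url(u)) for u in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for url, allowed, reason in report():
        print(f"{'ALLOW' if allowed else 'DENY '}  {url:<55} {reason}")
    print("double-decoded:", double_decode("/scripts/%255cwinnt/system32/cmd.exe"))
```

The last two OWA samples show the collision the reply at the top of the thread is talking about: OWA builds item URLs from the subject, so a note titled "50% off sale" is requested as `50%25...`, which a single decode turns back into a bare `%`. That is byte-for-byte what the "escaping after normalization" rule is there to catch (a double-encoded `%255c` also leaves a `%` after one decode and becomes `\` on a second), so the filter cannot distinguish the legitimate subject from the attack without the rule being removed.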
