RE: Double-clicking attachments in OWA 2000 gives 404
More info: * OWA 2000 server is a front-end setup * OWA 2000 server using latest iis lockdown and url scan w/ standard owa template. Appreciate any pointers. byron -Original Message- From: Byron Kennedy Sent: Wednesday, March 19, 2003 12:30 PM To: Exchange Discussions Subject: Double-clicking attachments in OWA 2000 gives 404 Am seeing this error occasionally on a new exchange 2000 owa server (All 2000 mailbox and owa 2000 servers are sp3). One example was a relatively small zip file, another an .htm file. Doesn't happen on all attachments, but is consistent with the message, that is it never works when accessing w/ 2000 owa, but funny thing is it will access fine from our legacy 5.5 sp4 owa server. Both using ssl. Seems like an encoding or formatting issue that owa 2000 experiences when accessing the 2000 mailbox file system. The 5.5 owa ASP code doesn't get the 404 error. Any thoughts? Byron D. Kennedy http://www.markettools.com MarketTools(r) Real Market Research Insights. In Real Time. At Real Savings. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Double-clicking attachments in OWA 2000 gives 404
URLScan? Check the name of the mail message in which the attachment is located. If the title of the message contains any string of an otherwise bogus URL request (e.g. ".." which is part of the request for Code Red and Nimda) then it will be denied with a 404. > -Original Message- > From: Byron Kennedy [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 19, 2003 3:58 PM > To: Exchange Discussions > Subject: RE: Double-clicking attachments in OWA 2000 gives 404 > > > More info: > > * OWA 2000 server is a front-end setup > * OWA 2000 server using latest iis lockdown and url scan w/ > standard owa > template. > > Appreciate any pointers. > > byron > > -Original Message- > From: Byron Kennedy > Sent: Wednesday, March 19, 2003 12:30 PM > To: Exchange Discussions > Subject: Double-clicking attachments in OWA 2000 gives 404 > > > Am seeing this error occasionally on a new exchange 2000 owa > server (All > 2000 mailbox and owa 2000 servers are sp3). One example was a > relatively small zip file, another an .htm file. Doesn't happen on all > attachments, but is consistent with the message, that is it > never works > when accessing w/ 2000 owa, but funny thing is it will access > fine from > our legacy 5.5 sp4 owa server. Both using ssl. > > Seems like an encoding or formatting issue that owa 2000 experiences > when accessing the 2000 mailbox file system. The 5.5 owa ASP code > doesn't get the 404 error. > > Any thoughts? > > Byron D. Kennedy > http://www.markettools.com MarketTools(r) Real Market Research Insights. In Real Time. At Real Savings. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Double-clicking attachments in OWA 2000 gives 404
Hey erik- Yeah, traced it to urlscan and have been tweaking it. Can someone send me an ini file that's known to work well for user community over some time Providing a solid level of security w/o sacrificing functionality with/in exch 2000 owa? I'd like to compare/benchmark. Thx again-byron -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 5:26 AM To: Exchange Discussions Subject: RE: Double-clicking attachments in OWA 2000 gives 404 URLScan? Check the name of the mail message in which the attachment is located. If the title of the message contains any string of an otherwise bogus URL request (e.g. ".." which is part of the request for Code Red and Nimda) then it will be denied with a 404. > -Original Message- > From: Byron Kennedy [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 19, 2003 3:58 PM > To: Exchange Discussions > Subject: RE: Double-clicking attachments in OWA 2000 gives 404 > > > More info: > > * OWA 2000 server is a front-end setup > * OWA 2000 server using latest iis lockdown and url scan w/ > standard owa > template. > > Appreciate any pointers. > > byron > > -Original Message- > From: Byron Kennedy > Sent: Wednesday, March 19, 2003 12:30 PM > To: Exchange Discussions > Subject: Double-clicking attachments in OWA 2000 gives 404 > > > Am seeing this error occasionally on a new exchange 2000 owa > server (All > 2000 mailbox and owa 2000 servers are sp3). One example was a > relatively small zip file, another an .htm file. Doesn't happen on all > attachments, but is consistent with the message, that is it > never works > when accessing w/ 2000 owa, but funny thing is it will access > fine from > our legacy 5.5 sp4 owa server. Both using ssl. > > Seems like an encoding or formatting issue that owa 2000 experiences > when accessing the 2000 mailbox file system. The 5.5 owa ASP code > doesn't get the 404 error. > > Any thoughts? > > Byron D. Kennedy > http://www.markettools.com MarketTools(r) Real Market Research Insights. In Real Time. At Real Savings. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Double-clicking attachments in OWA 2000 gives 404
I'll look at ours and get back to yours; Be aware that if you are 100% patched and up to date on your IIS code, you may be able to completely remove some of the entries that are intended to protect against exploits that are already protected by a patch. We compromised and removed some redundant entries (removed ".." but kept ".\" to protect against the CMD.EXE exploit). > -Original Message- > From: Byron Kennedy [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 20, 2003 11:34 AM > To: Exchange Discussions > Subject: RE: Double-clicking attachments in OWA 2000 gives 404 > > > Hey erik- > > Yeah, traced it to urlscan and have been tweaking it. Can > someone send > me an ini file that's known to work well for user community over some > time Providing a solid level of security w/o sacrificing > functionality with/in exch 2000 owa? I'd like to compare/benchmark. > > Thx again-byron > > -Original Message- > From: Erik Sojka [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 20, 2003 5:26 AM > To: Exchange Discussions > Subject: RE: Double-clicking attachments in OWA 2000 gives 404 > > > URLScan? Check the name of the mail message in which the > attachment is > located. If the title of the message contains any string of an > otherwise bogus URL request (e.g. ".." which is part of the > request for > Code Red and > Nimda) then it will be denied with a 404. > > > -Original Message- > > From: Byron Kennedy [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, March 19, 2003 3:58 PM > > To: Exchange Discussions > > Subject: RE: Double-clicking attachments in OWA 2000 gives 404 > > > > > > More info: > > > > * OWA 2000 server is a front-end setup > > * OWA 2000 server using latest iis lockdown and url scan w/ > > standard owa > > template. > > > > Appreciate any pointers. > > > > byron > > > > -Original Message- > > From: Byron Kennedy > > Sent: Wednesday, March 19, 2003 12:30 PM > > To: Exchange Discussions > > Subject: Double-clicking attachments in OWA 2000 gives 404 > > > > > > Am seeing this error occasionally on a new exchange 2000 owa > > server (All > > 2000 mailbox and owa 2000 servers are sp3). One example was a > > relatively small zip file, another an .htm file. Doesn't > happen on all > > attachments, but is consistent with the message, that is it > > never works > > when accessing w/ 2000 owa, but funny thing is it will access > > fine from > > our legacy 5.5 sp4 owa server. Both using ssl. > > > > Seems like an encoding or formatting issue that owa 2000 > experiences > > when accessing the 2000 mailbox file system. The 5.5 owa ASP code > > doesn't get the 404 error. > > > > Any thoughts? > > > > Byron D. Kennedy > > > http://www.markettools.com > > MarketTools(r) > Real Market Research Insights. In Real Time. At Real Savings. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
