IIS False Logging Weakness
on 29.10.2007 21:10:58 by unknown
Please help,
I've got an IIS machine that is failing PCI compliance due to the 'False
Logging Weakness'. The resolution states to use URLScan to translate hex
codes into characters, but I have no idea how to do this...
Can anyone shed some light?
Thanks.
Re: IIS False Logging Weakness
on 30.10.2007 01:44:05 by Steve Schofield
If you are running IIS5, install and configure URLScan. If you are using
IIS6, this should be taken care of.
--
Best regards,
Steve Schofield
Windows Server MVP - IIS
http://weblogs.asp.net/steveschofield
http://www.IISLogs.com
Log archival solution.
Install, Configure, Forget
Re: IIS False Logging Weakness
on 30.10.2007 19:25:27 by unknown
I apologize, I wasn't specific enough.
I have installed UrlScan, but am still failing PCI due to the False Logging
Weakness... Other than setting AllowHighBitCharacters=0, what other settings
must I apply?
Thank you very much for your assistance.
Re: IIS False Logging Weakness
on 31.10.2007 13:49:19 by Steve Schofield
Sounds like a false positive. I would tell them what you have done and
configured. If they have an issue with it, have them provide the exact scan
text so you can configure your INI file. I've seen other scans state they
do not have the latest Service pack when they actually do.
--
Steve Schofield
Windows Server MVP - IIS
http://weblogs.asp.net/steveschofield
Re: IIS False Logging Weakness
on 31.10.2007 19:23:29 by unknown
False positive it was...