Skip to main content

URLScan Error: The Web Server Has Been Locked Down and Is Blocking the DEBUG Verb

Today I installed URLScan 2.5 and experienced following error: “The Web Server Has Been Locked Down and Is Blocking the DEBUG Verb” while I tried to debug my project. I tried several thing apart from restarting my IIS, but nothing worked !

" UrlScan version 2.5 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan security tool helps prevent potentially harmful requests from reaching the server. UrlScan 2.5 will now install as a clean installation on servers running IIS 4.0 and later."

Then I tried developers' best friend yes, Google! , and I got the solution from microsoft site.



--------------------------------------------------------------------------------
To enable debugging on a Web server with URLScan installed

1.Locate the Urlscan.ini file. Normally, you will find it in a directory that looks something like this:
%windir%\System32\Inetsrv\urlscan2.Create a copy of the file and name it Urlscan.old.
3.Open the original copy of the Urlscan.ini file using Notepad or the text editor of your choice.
4.In Urlscan.ini, locate the [AllowVerbs] section. Add DEBUG to the [AllowVerbs] section. If you see ;DEBUG in the [AllowVerbs] section, you can remove the semicolon (which comments out the verb).
5.Locate the [DenyVerbs] section. If DEBUG appears in the [DenyVerbs] section, remove it.
6.Save the file.
7.Restart the server or restart IIS.

Source:
http://geekswithblogs.net/ram/archive/2006/02/28/70937.aspx
http://msdn.microsoft.com/en-us/library/6ax8x46y(VS.71).aspx
http://technet.microsoft.com/en-us/security/cc242650.aspx

Comments

Popular posts from this blog

MYSQL TO MSSQL

Aduss berpeluh2 hampir 3 minggu cari solution utk convert db mysql to mssql. mula2 aku pakai phpmyadmin untuk generate sqldump. then aku terai import masuk ke mssql gunakan new query. rupa2nya phpmyadmin ni pon bengong. dia tak create ikut mssql punya format syntac, dia generate ikut kepala dia saja walaupun aku dah klik checkbox pada OPTION MSSQL format. patut le mssql tak mau terima, even barus yg paling mudah skali iaitu komen pon phpmyadmin tak tukar!!! ade ke format komen mssql si phpmyadmin masih pakai "--" (dash dash). mssql pakai syntax "/*" utk buka blok komen dan "*/" utk tutup blok komen. adusss.  banyak plak tu dalam sqldump aku nak kena tukar.. lemau aku. 160MB punya textfile. gilo apo nak ubah satu persatu baris.. berjuta baris woo.. 8 tahun pon tak siap nak ubah. tapi ada satu software boleh buat semua tu secara auto. SQL2MSS. aku cuma pakai demo set je. dia boleh sedut semua structure, tapi rekod cuma dapat 5 per table. jadi la 5 re...

Microsoft Virtual PC: XP Mode, RPC is unavailable

hi, korang penah kene ke error diatas? bila bukak ms virtual pc. tetiba je masa nak start je XP Mode, :RPC is unavailable". pehh pening pala aku nak solve. lama2 boleh tumbuh uban woo. aku cuba buat macam ni je. 1. korang bukak ms virtual pc. 2. utk vpc yang sedia ada tu.. korang delete file dalam list tu. tapi pastikan fail tu hanya fail *.vmc atau *.vmcx je. kalau korang delete fail *.vhd, lingkup semua nanti.. hahahahaha hati2 aa 3. create semula dengan cara create baru ms vpc tu atau copy & paste dari yg lama. 4. kalau copy paste yg lama, may be tak jalan bila start, so modify sket path file *.vhd dalam setting tu. 5. cuba start. kalau ada pa pe, cuba rujuk link dibawah. may be berkesan jugak. until then, cherrio. sumber: http://social.technet.microsoft.com/Forums/en-US/w7itprovirt/thread/4765d915-cbe4-4629-aa3b-cba9efbb29b5/

Can not stop Server Audittrace

Who created the Audit Trace? If it is the C2 Audit, you have to use sp_configure to turn it off: EXEC sys.sp_configure N'c2 audit mode', N'0' GO RECONFIGURE WITH OVERRIDE GO You can check if it is enabled by just running: EXEC sys.sp_configure N'c2 audit mode' Look at the run_value returned if it is 1 then the C2 Audit is running and that is your problem. Find out why it was enabled and what for. You might not be able to just disable it. You can read more about the C2 Audit on the following Article: http://technet.microsoft.com/en-us/library/dd277388.aspx -------------------------------------------------------------------------------- Jonathan Kehayias http://sqlblog.com/blogs/jonathan_kehayias/ http://www.twitter.com/SQLSarg http://www.sqlclr.net/ Sumber: http://social.msdn.microsoft.com/Forums/en-SG/sqldatabaseengine/thread/3d485a94-eef0-4890-a68f-acbd73be1c65