Today I installed URLScan 2.5 and experienced following error: “The Web Server Has Been Locked Down and Is Blocking the DEBUG Verb” while I tried to debug my project. I tried several thing apart from restarting my IIS, but nothing worked !
" UrlScan version 2.5 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan security tool helps prevent potentially harmful requests from reaching the server. UrlScan 2.5 will now install as a clean installation on servers running IIS 4.0 and later."
Then I tried developers' best friend yes, Google! , and I got the solution from microsoft site.
--------------------------------------------------------------------------------
To enable debugging on a Web server with URLScan installed
1.Locate the Urlscan.ini file. Normally, you will find it in a directory that looks something like this:
%windir%\System32\Inetsrv\urlscan2.Create a copy of the file and name it Urlscan.old.
3.Open the original copy of the Urlscan.ini file using Notepad or the text editor of your choice.
4.In Urlscan.ini, locate the [AllowVerbs] section. Add DEBUG to the [AllowVerbs] section. If you see ;DEBUG in the [AllowVerbs] section, you can remove the semicolon (which comments out the verb).
5.Locate the [DenyVerbs] section. If DEBUG appears in the [DenyVerbs] section, remove it.
6.Save the file.
7.Restart the server or restart IIS.
Source:
http://geekswithblogs.net/ram/archive/2006/02/28/70937.aspx
http://msdn.microsoft.com/en-us/library/6ax8x46y(VS.71).aspx
http://technet.microsoft.com/en-us/security/cc242650.aspx
" UrlScan version 2.5 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan security tool helps prevent potentially harmful requests from reaching the server. UrlScan 2.5 will now install as a clean installation on servers running IIS 4.0 and later."
Then I tried developers' best friend yes, Google! , and I got the solution from microsoft site.
--------------------------------------------------------------------------------
To enable debugging on a Web server with URLScan installed
1.Locate the Urlscan.ini file. Normally, you will find it in a directory that looks something like this:
%windir%\System32\Inetsrv\urlscan2.Create a copy of the file and name it Urlscan.old.
3.Open the original copy of the Urlscan.ini file using Notepad or the text editor of your choice.
4.In Urlscan.ini, locate the [AllowVerbs] section. Add DEBUG to the [AllowVerbs] section. If you see ;DEBUG in the [AllowVerbs] section, you can remove the semicolon (which comments out the verb).
5.Locate the [DenyVerbs] section. If DEBUG appears in the [DenyVerbs] section, remove it.
6.Save the file.
7.Restart the server or restart IIS.
Source:
http://geekswithblogs.net/ram/archive/2006/02/28/70937.aspx
http://msdn.microsoft.com/en-us/library/6ax8x46y(VS.71).aspx
http://technet.microsoft.com/en-us/security/cc242650.aspx
Comments