Microsoft KB Archive/885347

= An incomplete URL path is recorded for the cs-uri-stem field in the IIS log file =

Article ID: 885347

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 5.1

-



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx





SYMPTOMS
When you turn on logging in Microsoft Internet Information Server (IIS) 4.0, Microsoft Internet Information Services (IIS) 5.0, or IIS 5.1, the cs-uri-stem client URI field in the IIS log file does not record the complete path that the client requests.

Note The IIS log files are located in the C:\ \SYSTEM32\LOGFILES\W3SVC folder.

For example, a GET request with the URL http:// is expected to log the following information:

80 GET

Instead, the example GET request logs the following information:

80 GET



WORKAROUND
To work around this behavior, implement an audit policy in Microsoft Windows 2000 for the specific events that you want to track. For more information about auditing and intrusion detection in Windows 2000, see Chapter 9, &quot;Auditing and Intrusion Detection,&quot; in Microsoft Solution for Securing Windows 2000 Server. To read this chapter in Microsoft Solution for Securing Windows 2000 Server, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/win2000/secwin2k/09detect.mspx

You can also use the URLScan tool to control and monitor HTTP requests. For additional information about the URLScan tool, click the following article number to view the article in the Microsoft Knowledge Base:

307608 Using URLScan on IIS

Keywords: kbtshoot kbprb KB885347

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.