Microsoft KB Archive/311116

= DOC: URLScan AllowDotInPath Documentation Contains an Error =

Article ID: 311116

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Services 5.1
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q311116



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
The &quot;URLScan&quot; section of the IIS Lockdown Tool 2.0 documentation contains an explanation of the AllowDotInPath setting that is incorrect.

The AllowDotInPath documentation contains the following text, which is incorrect:

AllowDotInPath: Allowed values are 0 or 1. Default is 0. If set to 1, UrlScan rejects any requests containing multiple instances of the dot (.) character. If set to 0, UrlScan does not perform this test.

The documentation should read:

AllowDotInPath: Allowed values are 0 or 1. Default is 0. If set to 0, UrlScan rejects any requests containing multiple instances of the dot (.) character. If set to 1, UrlScan does not perform this test.



MORE INFORMATION
Version 1.0 of the URLScan ISAPI filter contains a problem that causes FrontPage Server Extension requests to be rejected. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

307976 FP: Error When Using FrontPage With URLScan

Note that the resolution contained in this Knowledge Base article only applies to version 1.0 of the URLScan ISAPI filter and is not required in the latest version.

Additional query words: iis lockdown urlscan allowdotinpath

Keywords: kbbug kbdocerr kbpending KB311116

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.