Microsoft KB Archive/178559

= IIS-Redirect to Secured Page Produces Successful Anonymous Access Log Entry =

Article ID: 178559

Article Last Modified on 11/9/2005

-

APPLIES TO


 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q178559



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx





SYMPTOMS
When a Microsoft Active Server Page (ASP) or HTML page redirects to another ASP or HTML page, and both pages are secured (no anonymous access), an entry is made in the Internet Information Server (IIS) log that indicates the anonymous user successfully accessed the second document.



RESOLUTION
Upgrade to Microsoft Internet Information Server version 4.0.



STATUS
Microsoft has confirmed this to be a problem in Microsoft Internet Information Server version 3.0. This problem has been corrected in version Microsoft Internet Information Server version 4.0.



MORE INFORMATION
On Internet Information Server 4.0, the status code for is 401 (Access Denied, Unauthorized). On Internet Information Server 3.0, the status code is 200 (OK).

Additional query words: Security Logging produces access log entry

Keywords: kbbug kbfix KB178559

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.