Quantcast
Channel: Security
Viewing all 1881 articles
Browse latest View live

How to protect My SQL Database

$
0
0

How to protect My SQL database on the server from various malware injections?


Error 401.2 while using a proxy server and Windows Authentication

$
0
0

I am using a proxy server to go from one domain to another. I see that I can reach the endpoint but I am getting the above error. I kinda understand that the proxy server while navigating to the endpoint is not providing any credentials and the backend is configured for Windows Authentication. Do I need to provide user credentials and how?

Thanks

ULScan module vs Request Filtering

$
0
0

Guys, inherited a rather large IIS 7.5 farm with URL Scan in use instead of request filtering., I am wondering why this might be ? My understanding was that request filtering had superseded URLScan. The only use for URLScan these days seems to be if:

  • You wish URLs that are filtered to be logged to a separate file. (equest filtering uses the IIS site file and this cannot be changed it seems)
  • You wish to allow someone without access to the IIS console access to the URLScan.ini file for config (seems unlikely!) 

Any thoughts or any other differences that might make a case for using URL scan still? 

IIS 7 Application - Not accepting Windows Authentication from remote machine

$
0
0

Hi there, I need your help.

So I've set up a virtual directory and application ASPNET C# available over HTTP using the Default Website.

Whenever i try to access the directly using my domain name it works, but whenever I try using my ip address from the very same machine it keeps asking me for authentication and reports a 401.1 if I cancel:

HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

Module	WindowsAuthenticationModule

Notification	AuthenticateRequest

Handler	ExtensionlessUrlHandler-Integrated-4.0

Error Code	0xc000006d

How to do resolve this ?

Thanks in advance for any help

content security policy frame ancestors

$
0
0

Does any know if there are a maximum number of url's you can put in in content security policy frame  ancestors ' self' < source> <source> i have third parties connecting to my API but are getting violations errors. when their web site is white listed in frame ancestors. the list is long and their site is is listed in my policy after the last one that shows up on the violations list? a much larger client is not having any issues with their url's that are after the new client. so i m wondering if there a max number of of sites in the config?

IIS URL Redirect + F5 Offload

$
0
0

Hi, I am confused regarding IIS HTTP to HTTPS URL redirect + F5 SSL Offloading.

Currently... I have a website on IIS that I am redirecting from HTTP to HTTPS using URL Rewrite module and at the same time also using F5 to Offload same website from port 80 to port 443.  Website works fine using server link or the F5 link.

I am wondering why is F5 getting a response on port 80 from IIS when the redirect is enabled?  F5 is not set to accept response on 443 from this IIS server as that is not configured.

Thanks,

Bilal

Problem Overlapping Users Sessions

$
0
0

Hello all
I have a very strange problem
I have a website that works for years well on Windows Server 2008 and IIS7
You have moved the website to another server running Windows Server 2012 and IIS8.5
After the Running.. Surprises overlap in the sessions of users meaning:
When userA Login find other User profile .

I have moved all the settings from the old server to the new Server but Same problem .

What I Do , What I check?

Please Help

IIS Windows Authentication : User of some domains in LDAP domain can't connect ( Invalid credentials ) , even if they part of Administrators Users

$
0
0

Hello guys , 

I'm facing issues when connecting a certain user for certain in our LDAP/ Active directory domain .

What I want is to deny access to  my websites for all users except some belonging to certain domain .

To proceed , I have added the users domains to Administrators group or the specific user but it is not working . ( It is a bad practice but I want to force a little bit in order to understand it quickly 

Note that that the user can't connect to the windows server as normal user via Remote Desktop Connection also I don't know why

1)My basic question is : It is mandatory that in order to perform an Windows Authentication  via IIS , an user should have the right to connect to the windows server itself ( via RDP or whatever ) 


IP Address and Domain Restrictions - Missing Enable Proxy Mode

$
0
0

Hi,

I am running IIS7 on windows 2008r2 sitting behind a load balancer.  I have installed "IP Address and Domain Restrictions".

However when I "Edit Feature Settings" at domain (or even server level) I do not have the tick boxes to "Enable Proxy Mode" as I need to be able to restrict IPs based on the "x-forwarded-for" header.

All I have is

Access for unspecified Clients: (Drop Down)

Enable domain name restrictions (Check Box)

Do I need to enable this some where else before it shows?

IIS reveals its real or internal IP address

$
0
0

I'm basically trying to make IIS not bring back the internal IP from HTTP 1.0 request as demonstrated here.

https://blog.rohitl.com/2014/08/internet-information-servicesiis.html

My question is /alternatehostname seems to always be FQDN. What do you do with a website that is not on a domain and has multiple public addresses like webmail.domainname.com, activesync.domainname.com, etc..? Do you run the appcmd.exe set config /alternateHostName: multiple times?

Windows authentication problem only on domain controller

$
0
0

Hi, 

I have two computer with windows server 2019, one as standard workstation and the other as domain controller.  My web site work as expected in my development workstation, but when i transfer the exact same web site to server, my authentication didn't seems to work.  I receive the authentication box, but that box didn't want to accept my credential.

So the only difference is that my web site is host on domain controller.

I am using Windows Authentication in IIS.

Any idea?

Thankx

How to support .net applications work properly with TLS 1.2 Protocol?

$
0
0

I have a .net application (.NetFrameWork 3.5) deployed in windows server 2012 R2 and its application pool running under .Net CLR V2.0. This application consuming WCF Service that will get some data from the database.

In Windows Server when I disable TLS 1.0, TLS 1.1 Protocols and I enable TLS 1.2 this WCF service has not worked, for this WCF service work properly in server what will be new changes should I implement?

Windows Authentication: WebResource.axd 401 2 5 0

$
0
0

We have an asp.net intranet website (.Net Framework 4.7.2) that uses Windows Authentication on a Server 2016 server.  An alias "midasuat" was created for the server and it was added to the site as a Site Binding; 

Type: http          Host Name: blank                Port: 85

Type: http          Host Name: midasuat          Port: 80

When we access the site anywhere from our network, it works just fine.  The users are automatically authenticated and are not prompted for their credentials.

As soon as we point the alias to a load balancer using https which in turn redirects traffic to our http site, all heck breaks loose.  The user is authenticated, but the site starts prompting users for their credentials multiple times in each site page as it tries to access its resources (images, etc.).  Reviewing the IIS logs, it appears that the user id is missing whenever the log item has a 401 and contains the user id when the log item has a 200.  What would cause the user id to be missing on the 401 item records?  For example,

2019-09-26 13:59:49 10.223.9.162 GET /WebResource.axd d=JkAB5ka8negpT8ybXEQZMXxXI9mJWpZWmTkEkbVZKeZS16GTozxIRs469PerGU9KNENukSCIt4T3de2k-mfoqglRegUjKAtpRzZSb47vMohrCg1scSa6bDZuAqEyj2CHJ4ivP3z6y-gKMxyiqY8BMg2&t=635918956660000000 85- 10.223.7.27 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/77.0.3865.90+Safari/537.36 https://midasuat.company.com/Default.aspx 401 1 2148074248 0

2019-09-26 13:59:49 10.223.9.162 GET /WebResource.axd d=b8adWYak0tImLef4A3fc9VL8hsWyhp8x_X-Sv_mxjx9SgprVPmtmNrBh5mzsC_dOstvN1diFs3YXDKg6hYJqiFV_BkYSjpInbOH15qNFyLksqiHpzwNbq7jrOarxSpaLxB9wocMYNgiG-e2_hp56sA2&t=635918956660000000 85Company\userID 10.223.7.27 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/77.0.3865.90+Safari/537.36 https://midasuat.company.com/Default.aspx 200 0 0 0

Any and all assistance is greatly appreciated.  Thank you.

Barcelona vs Inter Watch Online

$
0
0

https://francevs-usa.com/barcelonavsinter/
https://francevs-usa.com/chelseavslille/
https://francevs-usa.com/liverpoolvssalzburg/
https://francevs-usa.com/barcelonavsinter-live/
https://newzealandvs-canada.com/barcelonavsinter-live/
https://newzealandvs-canada.com/liverpoolvssalzburg-live/
https://usavs-france.com/barcelonavsintermilan/
https://usavs-france.com/barcelonavsintermilan-live/

Georgia vs Fiji Tv Channel

$
0
0

https://georgiavsfiji.com/
https://georgiavsfiji.com/live/
https://georgiavsfiji.com/stream/
https://georgiavsfiji.com/reddit/
https://georgiavsfiji.com/fijivsgeorgia/
https://georgiavsfiji.com/fijivsgeorgiastream/


Ireland vs Russia Tv Coverage

$
0
0

https://irelandvs-russia.com/
https://irelandvs-russia.com/live/
https://irelandvs-russia.com/stream/
https://irelandvs-russia.com/reddit/
https://irelandvs-russia.com/russiavsireland/
https://irelandvs-russia.com/russiavsireland-live/
https://irelandvs-russia.com/rugby/

site bindings sharing SSL cert

$
0
0

Good afternoon,
I have a 2016 server that is hosting a ton of sites.
One of the sites have multiple site bindings with each its own SSL certificate.
But 3 of these sitebindings will always share the same certificate. If I change one bindings certificate. The other 2 are also automatically changed to the new certificate.
If I add a new binding this binding will also share that same certificate. And changing its cert will also change it for the other bindings.
Every binding needs its own certificate

Thank you in advance for your time

Setting permissions with no risk?

$
0
0

Hi all

I have been seaching for days and hours to find an answer that I can understand without getting confused :D

My sites are running perfectly and no errors but however, i'm a little worried about the security on each site.

Im really getting confused about all the informations about IIS_IUSRS and IUSR and its security.

I think its because of my bad english lol :)

I will try to explain the best way I can:

One of my sites need to have several of folder read- and writeable so I gave the IUSR all right except Full control, otherwise the installer wan't run and get alot of warnings about folders not writeable!

Then I gave IIS_IUSRS_machinename list only.

The site is now running with no problem except a curl problem I write in another post.

But im worried about the security now that the IUSR has all these rights and all visitors can upload/hack ect..?
Should I be worried or is there anything else I should do?

Thanks in advance

Setting folder access on IIS 7.5

$
0
0

Hello,

I kindly ask for your help.

Under Default Web Site there is a folder named "Monitoring". So the web address is "server.domain.com\monitoring".

I would like to restrict access to only this folder (and its content), that only domain group called "SG_Monitoring" has access to it.  

What settings i need to change?  Shall I change settings under Authentication settings, or do u recommend disable access on NTFS level?  (remove IIS_IUSRS) .. 

I dont want to change Default Web Site settings, unless its necessary.

Bonus but not required.. In case of disabled access due to lack of membership of SG_Monitoring group, there should load custom webpage instead of generic "you dont have permissions to view this page".

Regards

IIS File Upload_issue

$
0
0

Hi Guys,

I've developed a python web application for uploading files which is working fine in local system. In our office environment, we have a windows remote server where we use IIS to create a site and deploy it. So we can access that webpage in our local environment.
The issue is when i upload a file from my local environment, im getting below error
File not uploaded 400 Bad Request: The browser (or proxy) sent a request that this server could not understand.

I'm trying for the past 2 days to fix this but no luck. Could you guys help to fix this issue.

Do i need to change add anything in web.config file (or) any permissions related ?

Regards,

Vinoth

Viewing all 1881 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>