Remediation of IIS 6.0 folder resolution vulnerabilities

Source: Internet
Author: User
Keywords: iis


Event: An IIS 6.0 file name resolution vulnerability was disclosed some time ago: a request for upload/1.asp/200912041704063114.jpg is automatically parsed and executed as an ASP file. The vulnerability arises in IIS 6.0, where an error in the handling of folder extensions causes files inside a folder whose name ends in .asp to be executed directly as ASP code. So a file of any format inside a *.asp folder is executed as an ASP program. The same parsing applies to any other extension that is mapped to an executable handler. For example, if those extensions have not been removed from IIS, 1.asa/xiaoma.jpg and 1.cer/xiaoma.jpg are also executed as ASP code.

This vulnerability has been discussed by many people on the internet, and a lot of webmasters think the fix is to change the program. I feel that if the program is too large and a server hosts too many sites, that cannot be managed, and an administrator can only approach it from the point of view of the server. So I provide the following remedial method and hope it helps.

Workaround:

Use the custom rules in Access Protection in McAfee VirusScan to create a new file/folder blocking rule. Configure it as follows: fill in a rule name, set the processes to include to *, and set the folder or file name to block to **\*.asp\*.*. This method is very simple and applies to the entire server. I hope it helps everyone!

In fact, the method is very simple: use third-party software to prevent the contents of *.asp folders from being created and run. A lot of software can do this. If you reprint this article, please keep the author's URL: http://www.ceolearn.com. This is my small site, and I hope you will keep it!
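An added example, not part of the original article: a Python check that finds requests passing through a folder named *.asp, *.asa or *.cer in an IIS W3C log, which helps locate such folders that already exist on a server before a blocking rule is applied. The log lines and IP addresses are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Extensions the article names as executed by the ASP handler on IIS 6.0.
SCRIPT_EXTS = (".asp", ".asa", ".cer")

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-12-04 17:04:06 192.0.2.10 POST /upload.asp 200
2009-12-04 17:04:09 192.0.2.10 GET /upload/1.asp/200912041704063114.jpg 200
2009-12-04 17:05:00 198.51.100.7 GET /images/logo.jpg 200
2009-12-04 17:06:11 192.0.2.10 GET /files/1.CER/xiaoma.jpg 200
2009-12-04 17:06:30 198.51.100.7 GET /default.asp 200
""".splitlines()

def script_named_folder(path):
    """Return the first non-final path segment that ends in a script
    extension (e.g. '1.asp' in upload/1.asp/x.jpg), or None."""
    segments = [s for s in re.split(r"[\\/]+", unquote(path)) if s]
    for seg in segments[:-1]:              # the last segment is the file itself
        if seg.lower().endswith(SCRIPT_EXTS):
            return seg
    return None

def scan_w3c_log(lines):
    """Yield (client_ip, uri, folder) for matching requests in an IIS W3C log."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared in the log
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "")
        folder = script_named_folder(uri)
        if folder:
            # A hit may also be a real script requested with extra path info;
            # confirm on disk that the segment is a directory.
            yield row.get("c-ip", "-"), uri, folder

if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG):
        print(*hit)
```

script_named_folder also accepts Windows file paths, so the same check can be applied to the destination path of an upload before a file is written.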
