Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: force extention handling in IIS?

from [Ken Schaefer] Network Security [Permanent Link]
Subject: RE: force extention handling in IIS?
Date: Tue, 15 Feb 2005 10:55:34 +1100 
ASP files (.asp .asa etc) are handled by an ISAPI Extension, not an ISAPI
Filter, so I'm not sure what you mean by setting a filter. Certainly you
could write your own filter to look at incoming requests and rewrite them (or
similar), but that would probably be overkill (there are some 3rd party ISAPI
filters that do this)

FWIW:
PHP (.php) can be setup either as an ISAPI Extension or as CGI (check
www.visualwin.com for instructions)

Cheers
Ken

: -----Original Message-----
: From: Cory Foy [mailto:Cory.Foy@mobilehwy.com]
: Subject: Re: force extention handling in IIS?
: 
: In your ISAPI Filters, can't you just set up a filter for file.asp and
: have it point to the PHP ISAPI, instead of doing *.php or some other
: wildcard?
: 
: Cory
: 
: Ken Schaefer wrote:
: > Neither of these two things will work.
: >
: > a) Server.Transfer() will attempt to run the page using the ASP engine.
The
: > ASP ISAPI extension doesn't understand PHP
: >
: > b) That affects all .asp pages (as you note), but OP says that he can't
: > change the setting for all ASP pages (yet). However, this setting is
actually
: > on an Application by Application basis. You can create a new web
application
: > at any folder level in the web root hierarchy via the IIS Manager. So, if
you
: > convert an entire folder worth of files, you could remap .asp -> PHP
ISAPI
: > extension on a folder-by-folder basis.
: >
: > One could use redirects, but I hear that you get penalised by search
engines
: > if you do that sort of thing on a massive scale.
: >
: > Cheers
: > Ken
: >
: > : -----Original Message-----
: > : From: Damhuis Anton [mailto:DamhuisA@aforbes.co.za]
: > : Sent: Monday, 14 February 2005 5:29 PM
: > : To: webappsec@securityfocus.com
: > : Subject: RE: force extention handling in IIS?
: > :
: > :
: > : I have never tried it, but maybe a Server.Transfer to the PHP page?
: > :
: > : With Server.Transfer the client still sees the original page (.asp) but
it
: > will be
: > : processed but the second page.
: > :
: > : Another option is to change the engine reference in IIS
: > :
: > : Open IIS
: > : Right Click your WEBSite,
: > : Select 'Home Directory' tab.
: > : Click Configuration button.
: > : In Application Mappings List select .asp
: > : Click Edit.
: > : Enter the PHP Engine Dll Name in executable text box.
: > :
: > : This will make sure that ALL .asp extensions in the selected web site
will
: > use the
: > : PHP Engine.
: > :
: > : Regards
: > :   Anton
: > :
: > : -----Original Message-----
: > : From: Leigh Morresi [mailto:leighm@linuxbandwagon.com]
: > : Sent: 14 February 2005 01:29
: > : To: webappsec@securityfocus.com
: > : Subject: force extention handling in IIS?
: > :
: > :
: > : Hi there
: > :
: > : Trying to fix some loose ends by initally rewriting a couple of ASP
: > : scripts as PHP
: > : is it possible to force IIS (6.0) to run a file.asp with PHP? i cant
: > : change the filename because
: > : we have a lot of clients with some 3rd party applicaiton that is
: > : connecting to the "file.asp"
: > :
: > : IIS will let me run PHP scripts and set the file extention but not on a
: > : per-filename basis
: > :
: > : any ideas?
: > :
: > : leigh
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: current responses to phishing, q q
Next by Date:  RE: ISA Server and SQL Injection, Hofmeyr, Michael (ZA - Johannesburg)
Previous by Thread:  Re: force extention handling in IIS?, Cory Foy
Next by Thread:  Re: force extention handling in IIS?, Adam Tuliper
Indexes:  [Date] [Thread] [Top] [All Lists]