Another 404 experience
-
[edit] Solution found! [/edit] We are to deploy a webapp on a 2003 server for a customer, and we are getting 404 pages for every single postback. We are doing a lot of funny things on the pages that could trigger a security issue, but it all succeeds perfectly well untill a postback is attempted. The hardware and security is outsourced to a third company, so we haven't a clue about what settings they have fiddled with. On our own 2003 server it runs like a dream. I've checked with a simple aspx file with inline code, and it confirmed that the 404 was triggered by a postback. Does anyone have a clue about which setting could result in this? [edit] By the way, here's a much confusing bit from the log file: 2005-07-13 08:40:37 W3SVC87257621 GET /test.aspx - - 127.0.0.1 - localhost 200 0 854 322 15
2005-07-13 08:40:39 W3SVC87257621 GET /test.aspx - - 127.0.0.1 http://localhost/test.aspx localhost 404 0 258 535 15 [/edit] [edit] Solution found: The MS isapi filter urlscan was loaded by the security outsourcíng company, it was causing the problem. For now we have disabled it, and then we'll throw the ball to them to find out how to configure it to allow running our app. It will probably take a month or two :laugh: [/edit] "God doesn't play dice" - Albert Einstein "God not only plays dice, He sometimes throws the dices where they cannot be seen" - Niels Bohr -
[edit] Solution found! [/edit] We are to deploy a webapp on a 2003 server for a customer, and we are getting 404 pages for every single postback. We are doing a lot of funny things on the pages that could trigger a security issue, but it all succeeds perfectly well untill a postback is attempted. The hardware and security is outsourced to a third company, so we haven't a clue about what settings they have fiddled with. On our own 2003 server it runs like a dream. I've checked with a simple aspx file with inline code, and it confirmed that the 404 was triggered by a postback. Does anyone have a clue about which setting could result in this? [edit] By the way, here's a much confusing bit from the log file: 2005-07-13 08:40:37 W3SVC87257621 GET /test.aspx - - 127.0.0.1 - localhost 200 0 854 322 15
2005-07-13 08:40:39 W3SVC87257621 GET /test.aspx - - 127.0.0.1 http://localhost/test.aspx localhost 404 0 258 535 15 [/edit] [edit] Solution found: The MS isapi filter urlscan was loaded by the security outsourcíng company, it was causing the problem. For now we have disabled it, and then we'll throw the ball to them to find out how to configure it to allow running our app. It will probably take a month or two :laugh: [/edit] "God doesn't play dice" - Albert Einstein "God not only plays dice, He sometimes throws the dices where they cannot be seen" - Niels Bohrin the urlscan.ini file you need to allow "Post" "People who never make mistakes, never do anything." My blog http://toddsnotsoamazinglife.blogspot.com/
-
in the urlscan.ini file you need to allow "Post" "People who never make mistakes, never do anything." My blog http://toddsnotsoamazinglife.blogspot.com/
Thanks!, I guess it would please the security guys if we put the filter back on :-) "God doesn't play dice" - Albert Einstein "God not only plays dice, He sometimes throws the dices where they cannot be seen" - Niels Bohr