<wayne@piercedknob.co.uk> wrote in message
news:1177355831.694689.254350@p77g2000hsh.googlegroups.com...
> Hi everyone,
>
> I have spotted a few posts on this matter but still a little
> confussed. Some people are saying that you need to install URLScan in
> order to disable this however i don't really want to install this and
> would much prefer to just disable it without the installation of
> additional software.
>
> If i issues the following commands once telneted to our webserver
> port 80;
>
> OPTIONS / HTTP/1.1
> Host: www.ourserversaddress.whatever
>
> i get
>
> HTTP/1.1 200 OK
> Allow: OPTIONS, TRACE, GET, HEAD
> Content-Length: 0
> Server: Microsoft-IIS/6.0
> Public: OPTIONS, TRACE, GET, HEAD, POST
> X-Powered-By: ASP.NET
> Date: Mon, 23 Apr 2007 19:13:50 GMT
>
> I still get the TRACE HTTP method included. In response to a
> pentration test we had done, i am looking to disable this.
>
> I have come across a registry key which doesn't seem to do anything,
> i applied the registry key and restarted our IIS Service and nothing.
> I then came across another post that said change the web.config file,
> i removed the only line i found with TRACE in it and it did no
> difference.
>
> I have read another post in here where someone is saying that the
> WEBDAV dll is the one thats saying its enabled even when it isn't
> enabled.
>
> The problem i have is that i need to put something into a report and
> i am struggling to come up with a conclusion on this one;
>
> 1. If the registry key is set to not have TRACE on (its off by
> default) yet i am getting it coming back, does this mean that it is
> disabled ?
> 2. Is there any other setting i have missed that will stop this from
> happening when i issue the commands to our webserver ?
>
> Thanks very much in advance for any replies.
>
> Regards
>

On Apr 23, 12:17 pm, w...@piercedknob.co.uk wrote:
> Hi everyone,
>
> I have spotted a few posts on this matter but still a little
> confussed. Some people are saying that you need to install URLScan in
> order to disable this however i don't really want to install this and
> would much prefer to just disable it without the installation of
> additional software.
>
> If i issues the following commands once telneted to our webserver
> port 80;
>
> OPTIONS / HTTP/1.1
> Host:www.ourserversaddress.whatever
>
> i get
>
> HTTP/1.1 200 OK
> Allow: OPTIONS, TRACE, GET, HEAD
> Content-Length: 0
> Server: Microsoft-IIS/6.0
> Public: OPTIONS, TRACE, GET, HEAD, POST
> X-Powered-By: ASP.NET
> Date: Mon, 23 Apr 2007 19:13:50 GMT
>
> I still get the TRACE HTTP method included. In response to a
> pentration test we had done, i am looking to disable this.
>
> I have come across a registry key which doesn't seem to do anything,
> i applied the registry key and restarted our IIS Service and nothing.
> I then came across another post that said change the web.config file,
> i removed the only line i found with TRACE in it and it did no
> difference.
>
> I have read another post in here where someone is saying that the
> WEBDAV dll is the one thats saying its enabled even when it isn't
> enabled.
>
> The problem i have is that i need to put something into a report and
> i am struggling to come up with a conclusion on this one;
>
> 1. If the registry key is set to not have TRACE on (its off by
> default) yet i am getting it coming back, does this mean that it is
> disabled ?
> 2. Is there any other setting i have missed that will stop this from
> happening when i issue the commands to our webserver ?
>
> Thanks very much in advance for any replies.
>
> Regards

<wayne@piercedknob.co.uk> wrote in message
news:1177406316.894890.25360@n15g2000prd.googlegroups.com...
> Just noticed that we have Webdav disabled on our server. Could
> FrontPage be causing this to come up ?
>

wrote:
> Dont think so...
>
> --
> Regards,
> Bernard Cheahhttp://www.iis.net/http://www.iis-resources.com/http://msmvps.com/blogs/bernard/
>
> <w...@piercedknob.co.uk> wrote in message
>
> news:1177406316.894890.25360@n15g2000prd.googlegroups.com...
>
>
>
> > Just noticed that we have Webdav disabled on our server. Could
> > FrontPage be causing this to come up ?- Hide quoted text -
>
> - Show quoted text -