Configuring BlueZone Web-to-Host to Work With Microsoft IIS URL Scan
Introduction
Microsoft has introduced a new security utility for their IIS Web Servers. This utility is known as the Internet Information Services Lock Down Wizard. One of the features of the IIS Lock Down Wizard is called URL Scan.
The purpose of URL Scan is to increase web server security by limiting anonymous access to various files and services on your web server that anonymous users don’t normally need access to. A “side effect” of the URL Scan feature is that after it is installed, it will “break” BlueZone Web-to-Host.
The Symptom
When you try to launch any BlueZone emulation client, you get the following error:
The reason this happens is because by default, URL scan does not allow the downloading of any files with the file extension of .ini. In order for BlueZone-Web-to-Host to work properly, the BlueZone-Web-to-Host default.ini file must download every time an End User launches a BlueZone client.
The Solution
The solution is to make one minor change in the URL Scan configuration file. The URL Scan configuration file is located in the following location on your web server.
%windir%\system32\inetsrv\urlscan\urlscan.ini
Procedure
- Locate the urlscan.ini on your web server and edit it with Notepad.
- Scroll down until you find the section called [DenyExtensions].
- Continue scrolling until you come to the ; Deny various static files line.
- Comment out the .ini entry by placing a semicolon in front of it. This will in essence, allow .ini files to be downloaded.
- Stop and start the World Wide Web Publishing service under NT Services.
Sample of the urlscan.ini file
[DenyExtensions]
;
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
etc. ; Deny various static files
;.ini ; Configuration files
BlueZone-Web-to-Host will now work properly.
For more information on how to configure URL Scan, please refer to the following Microsoft Knowlegebase Article: 326444
|
