PROPFIND from WebDAV clients to IIS recently gets 405

Programming and Web Development Forums - IIS - About IIS Web Server Security Issues

Skip to content

PROPFIND from WebDAV clients to IIS recently gets 405

IIS
Post a reply

    Sponsored Links

    Next

  • 1. IIs Security across all .asps
    Sorry about the x-post, I believe I posed in the wrong group first and wanted to see if anyone here knew it... On our IIS 5 windows 2000 web server we have many .asp's.. most of which (When right clicked / security tab / edit authentication) are using Integrated Windows Authentication. Is there an easy way to check ALL of them? Some of the pages require a higher level of security (Our password reset page for example) and I am just auditing everything and want to make sure that only the few pages that require it are using the elevated security level. (By the way this is accomplished by using anonymous access with a domain account that is 'elevated'... I hate right clicking on 1000 different .asps to see the file / directory level authentication methods... is there an easy way to do this? Maybe through resource kit command line tools or some meta edit type tool ? Thank you in advance..
  • 2. CGI can't spawn process under IIS6
    Hello gurus, We are moving one of the clients' site over to W2K3 w/IIS6. A lot of learning has been done. Now my CGI is ABLE to run under created App Pool with identity of IWAM_compname user. Last step is taking me much longer that the rest: I can't start another process from within CGI with let's say system() command unless I make IUSR_compname account to be a member of Administrators group. I tried changing disk permissions for IUSR_ , tried Local System identity for my App Pool, started all sorts of auditing for failures... Can't get any idea of what is failing. Hard to search for problem... Any thoughts? Thank you Michael
  • 3. About remove iis 4 banner
    Hi all, i must remove a web server banner of iis 4.0 but i don't would like use urlscan or iislockdown tool. I remember that i can modify (edit) a windows dll for make this but i don't remeber the name of dll ? Anybody rember the name ? Thanks. -- ---
  • 4. IIS 5.0 Isolation Mode and SharePoint
    A while back I upgraded a W2K Server to W2K3 Server. It primarily acts as a web server. I need to install SharePoint Services (WSS) and I can't because my server when upgraded is running in IIS 5.0 Isolation Mode. So when I turn it off, all the web sites (there are 4) on the server start asking popping up an authentication box for access. Turn it back on and everything works just fine. Anyone know what to do here? Thanks, Bob
  • 5. SSL Redirect
    We have setup a custom error to redirect users when they try to access a site without using https. This work fine for any site that doesn't use asp.net. When you goto a site that uses asp.net you get the following error: The specified request cannot be executed from current Application Pool It is acting like it hasn't hit the 403.4 error yet, so my custom script hasen't redirected to https yet. Thanks, Jim Field XXXX@XXXXX.COM

PROPFIND from WebDAV clients to IIS recently gets 405

Postby Van Ly » Sun, 06 Mar 2005 16:40:29 GMT 

Hello,

I've been working with WebDAV on IIS 6 on a Windows 2003 Server box.  My 
client program and also other WebDAV clients such as DAVExplorer were able 
to connect and retrieve properties of files on the W03 box.

Recently our I.T. installed a bunch of security patches onto the box.  And 
the WebDAV clients that I use now get a 405 (Method Not Allowed) whenever 
they attempt a PROPFIND command on the server.  DAVExplorer actually 
doesn't even connect now since the first thing it normally does is to use 
PROPFIND to get a subdirectory listing.

Are there any settings on the Web share that I'm not aware of?  The Web 
share currently has Read/Write/Browse turned on.  The actual directory on 
an NTFS has Full Control granted to the "Users" group which should apply to 
all.

Thanks,
Van
Top

Similar Threads:

1.PROPFIND produces 405 - Method Not Allowed Error

2.propfind webdav 'sploit in 2003 iis 

Well,

some guy used webdav to change all the security settings 
on a brand new 2003 server install.

he created an admin account and disbabled access from the 
network for others.

I turned off anon access for ftp, which I can keep that 
way, and www, which I want anon access for eventually.

What else should I do?  Is there a patch out for this?  I 
ran windows update *prior* to this hack, and I've since 
run the baseline security analyzer.  I'm about as up to 
date as I can find.

TIA

Sample Log entry below

 2003-10-12 01:37:39 [ouripaddress] OPTIONS / - 80 - 
217.230.96.48 [<--dial up ip address not ours] Microsoft-
WebDAV-MiniRedir/5.1.2600 200 0 0
0 - 217.230.96.48 Microsoft-WebDAV-MiniRedir/5.1.2600 501 
0 0
#Software: Microsoft Internet Information Services 6.0

those times concurrent with the hack.

3.405 Error with WebDAV - affecting OWA 

We've recently run the transition pack to move from SBS Premium to
seperate components, all still on the same server at present. Since
doing so we've been unable to use the Outlook Web Access premium
client. I've tracked this down to IIS returning a 405 HTTP Verb is not
allowed when a HTTP SEARCH request is made to IIS. The log file for IIS
shows the following:

2006-08-22 14:45:41 192.168.234.1 GET
/exchweb/6.5.7651.25/controls/tf_Messages.xsl - 80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0
2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Inbox/ -
80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
405 0 0
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE
/exchange/richardba/Calendar - 80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
401 2 2148074254
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE
/exchange/richardba/Calendar - 80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Tasks -
80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
401 2 2148074254
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Tasks -
80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0
2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Calendar -
80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
405 0 0
2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Tasks - 80
rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
405 0 0
2006-08-22 14:46:15 192.168.234.1 GET /exchange/ - 80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
401 2 2148074254
2006-08-22 14:46:15 192.168.234.1 GET /exchange/ - 80 rse\richardba
192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0

I'm not sure as to whether this is an issue in IIS or with Exchange
(hence posting similar question here and Exchange newsgroup)
As far as I can work out SEARCH is a WebDAV request - what is the best
way of checking if WebDAV is working correctly? And does anyone have
any ideas on how to rectify this?

Thanks,
--Richard Burns-Allan

DipComp DipIT BSc(Hons) MBCS
MCSA(2000 & 2003) MCSE(NT4, 2000, 2003) Security+

IT Systems Engineer
Ross-shire Engineering Limited

4.Propfind /Admin$ 404 Microsoft-WebDav-Miniredir /5.1.2600 

I know I have been Hacked. I am trying to see were the 
hole is 
Does anyone know what vulnerabilty this is and how to 
patch it?

 "Propfind /Admin$ 404 Microsoft-WebDav-
Miniredir /5.1.2600"
Right under that in the same log file

"get /robots.txt -404 Mozilla/4.01 (compatible;+grub-
client-1.4.3;+crawl+your+own+Stuff+with=Http://grub.org

5.problem with webdav client Microsoft-WebDAV-MiniRedir 

Hi
I have a problem with web dav client for 
xp:Microsoft-WebDAV-MiniRedir/5.1.2600 
It does not show the displayname but the url of folder, which is not the same.
This is what happens:
I've mappen the web dav drive to my network places. If i open explorer, 
browse to networkplaces and click on the drive. The subfolders displayname 
get the last part of the url as displayname and not the <displayname> property
If i make a shortcut and then opens it through that path, it uses "Microsoft 
Data Access Internet Publishing Provider DAV" which displays it correctly.
They recieve exactly the same response 

Is there any fix for this, and if not, can i force a certain client to be 
used always?

6. How to Resolve an HTTP 405 Resource not allowed Error in IIS

7. HTTP 405 Error / How to enable POST in IIS 6.0 to allow jscript to run

8. When i try to save something in Sharepoint 2003, error IIS 405 occ

Post a reply

Return to IIS

 

Who is online

Users browsing this forum: No registered users and 40 guest

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group