PROPFIND from WebDAV clients to IIS recently gets 405

Programming and Web Development Forums - IIS - About IIS Web Server Security Issues

Skip to content

PROPFIND from WebDAV clients to IIS recently gets 405

IIS
Post a reply

    Sponsored Links

    Next

  • 1. IIS Password Expiry Period issues
    Hi there, We have a problem with user accounts who have been prompted to change their passwords in xx days. The majority of users access resources by web (Exchange 2003 OWA, Sharepoint, IIS etc). Currently users are notified of their expiring password 14 days before the password is expired. When the users login to OWA they receive a notification, but then can access OWA. However when they try to login to Sharepoint, or other webpages running on IIS, they cannot login at all. I would expect this perhaps after their password has expired, but not before. Does anyone have any links to resources that could assist here? Thanks in advance. cheers!
  • 2. Is it possible to provide access to Local IIS Manager for Domain u
    Hi Could anyone please let me know if we can provide access only to local IIS Manager for domain user and we want he/she to be an normal user not as an Admin or in Admin grps....??? As of now the domain users r in Admin grps, so they change the system configuration when they log into their desktop... so we dont want to give them admin access....... please help us!!!! :(
  • 3. Integrated authentication constant password promts
    I setup this web app to use integrated authentication. When i load it, it asks for username / password. I provide it, and the application loads. Now, since it's an Ajax application, when i click on something it makes an Ajax call do data.aspx. When that happens, i get prompted for a password again? The thing is, no matter what i provide, i get prompted for a password. If i try to access data.aspx directly through the browser, i provide username and pass, and i get the data. Back in the app though, i still get prompted for password. Why is this inconsistent behavior occurring? Isn't the authentication supposed to be by session and persist across all serverside scripts?
  • 4. How to make domain users access local-IIS for web devp
    I work in a company which develops web apps in ASP, ASP.NET, PHP, Java, etc. All developers hv been logging in to the systems as administrators (of their own local machine - XP Pro) and doing their devp. things. We are now planning to implement AD and make developers login thru their Domain UN/PW on the PDC (win2k3 R2 server). I set up a PDC and tried one of the XPPRO desktop to get to domain and login. All smooth as yet. Now, when i fire up Visual Studio 2005 as a test, it runs fine. The problem i encountered when i was trying to access inetmgr (IIS Manager). I dont see "DEFAULT WEB SITE" and virtual dirs under it; just IIS > Local computer > Web sites and nothing beyond this. However, if i login to the same desktop as Administrator (either of the local system or as Domain Admin) i see the DEFAULT WEB SITE and all virtual dirs under it. Also i want them not to log in as Administrator but they should be able to access local IIS Manager. Please help

PROPFIND from WebDAV clients to IIS recently gets 405

Postby Van Ly » Sun, 06 Mar 2005 16:40:29 GMT 

Hello,

I've been working with WebDAV on IIS 6 on a Windows 2003 Server box.  My 
client program and also other WebDAV clients such as DAVExplorer were able 
to connect and retrieve properties of files on the W03 box.

Recently our I.T. installed a bunch of security patches onto the box.  And 
the WebDAV clients that I use now get a 405 (Method Not Allowed) whenever 
they attempt a PROPFIND command on the server.  DAVExplorer actually 
doesn't even connect now since the first thing it normally does is to use 
PROPFIND to get a subdirectory listing.

Are there any settings on the Web share that I'm not aware of?  The Web 
share currently has Read/Write/Browse turned on.  The actual directory on 
an NTFS has Full Control granted to the "Users" group which should apply to 
all.

Thanks,
Van
Top

Similar Threads:

1.PROPFIND produces 405 - Method Not Allowed Error

2.propfind webdav 'sploit in 2003 iis 

Well,

some guy used webdav to change all the security settings 
on a brand new 2003 server install.

he created an admin account and disbabled access from the 
network for others.

I turned off anon access for ftp, which I can keep that 
way, and www, which I want anon access for eventually.

What else should I do?  Is there a patch out for this?  I 
ran windows update *prior* to this hack, and I've since 
run the baseline security analyzer.  I'm about as up to 
date as I can find.

TIA

Sample Log entry below

 2003-10-12 01:37:39 [ouripaddress] OPTIONS / - 80 - 
217.230.96.48 [<--dial up ip address not ours] Microsoft-
WebDAV-MiniRedir/5.1.2600 200 0 0
0 - 217.230.96.48 Microsoft-WebDAV-MiniRedir/5.1.2600 501 
0 0
#Software: Microsoft Internet Information Services 6.0

those times concurrent with the hack.

3.405 Error with WebDAV - affecting OWA 

We've recently run the transition pack to move from SBS Premium to
seperate components, all still on the same server at present. Since
doing so we've been unable to use the Outlook Web Access premium
client. I've tracked this down to IIS returning a 405 HTTP Verb is not
allowed when a HTTP SEARCH request is made to IIS. The log file for IIS
shows the following:

2006-08-22 14:45:41 192.168.234.1 GET
/exchweb/6.5.7651.25/controls/tf_Messages.xsl - 80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0
2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Inbox/ -
80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
405 0 0
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE
/exchange/richardba/Calendar - 80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
401 2 2148074254
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE
/exchange/richardba/Calendar - 80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Tasks -
80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
401 2 2148074254
2006-08-22 14:45:41 192.168.234.1 SUBSCRIBE /exchange/richardba/Tasks -
80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0
2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Calendar -
80 rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
405 0 0
2006-08-22 14:45:41 192.168.234.1 SEARCH /exchange/richardba/Tasks - 80
rse\richardba 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
405 0 0
2006-08-22 14:46:15 192.168.234.1 GET /exchange/ - 80 - 192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
401 2 2148074254
2006-08-22 14:46:15 192.168.234.1 GET /exchange/ - 80 rse\richardba
192.168.234.125
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2)
200 0 0

I'm not sure as to whether this is an issue in IIS or with Exchange
(hence posting similar question here and Exchange newsgroup)
As far as I can work out SEARCH is a WebDAV request - what is the best
way of checking if WebDAV is working correctly? And does anyone have
any ideas on how to rectify this?

Thanks,
--Richard Burns-Allan

DipComp DipIT BSc(Hons) MBCS
MCSA(2000 & 2003) MCSE(NT4, 2000, 2003) Security+

IT Systems Engineer
Ross-shire Engineering Limited

4.Propfind /Admin$ 404 Microsoft-WebDav-Miniredir /5.1.2600 

I know I have been Hacked. I am trying to see were the 
hole is 
Does anyone know what vulnerabilty this is and how to 
patch it?

 "Propfind /Admin$ 404 Microsoft-WebDav-
Miniredir /5.1.2600"
Right under that in the same log file

"get /robots.txt -404 Mozilla/4.01 (compatible;+grub-
client-1.4.3;+crawl+your+own+Stuff+with=Http://grub.org

5.problem with webdav client Microsoft-WebDAV-MiniRedir 

Hi
I have a problem with web dav client for 
xp:Microsoft-WebDAV-MiniRedir/5.1.2600 
It does not show the displayname but the url of folder, which is not the same.
This is what happens:
I've mappen the web dav drive to my network places. If i open explorer, 
browse to networkplaces and click on the drive. The subfolders displayname 
get the last part of the url as displayname and not the <displayname> property
If i make a shortcut and then opens it through that path, it uses "Microsoft 
Data Access Internet Publishing Provider DAV" which displays it correctly.
They recieve exactly the same response 

Is there any fix for this, and if not, can i force a certain client to be 
used always?

6. How to Resolve an HTTP 405 Resource not allowed Error in IIS

7. HTTP 405 Error / How to enable POST in IIS 6.0 to allow jscript to run

8. When i try to save something in Sharepoint 2003, error IIS 405 occ

Post a reply

Return to IIS

 

Who is online

Users browsing this forum: No registered users and 26 guest

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group