Recommended procedures:
Microsoft Internet Information Server 5.0
description:
IIS5.0 allows users to touch their Web directory structure and physical paths
detailed:
We know, in IIS4.0, as long as you don't play Services Pack5, enter this path under WWW:
http://www.xxx.com/*.idc
Will appear:
**************************************************
Run query error
Unable to open the query file E: / Web / *. IDC. May be that the file does not exist or the permissions you need to open the file.
**************************************************
This is already supplemented in SP5.
However, in IIS5.0, this problem has taken out, such as Microsoft's homepage:
http://www.microsoft.com/vstudio/1.idq
Will appear:
*********************************************************** *************
The IDQ file d: /http/products/developer/devonly/prodinfo/vstudio/1.idq could not be found.
*********************************************************** *************
http://www.microsoft.com/1.ida
Will appear:
*********************************************************** *************
The IDQ file d: /http/1.idq could not be found.
*********************************************************** *************
* .idq and * .ida can
This is an information vulnerability, which makes it easy to invade the structure of the Web website, which greatly facilitates its modification of the homepage.
solution:
Open the IIS Management Console, select the Web site-attribute, on the "primary directory", at the "Configuration" button at the starting point, delete the mapping of IDA and IDQ. If you must use, double-click the map of IDA or IDQ, check "Check if there is" hook ", determine, exit
Security recommendations:
For useless applications mapping, it is recommended to delete
