IIS-Redirect to Secured Page Logs Successful Anonymous Access

Last reviewed: March 4, 1998
Article ID: Q178559

The information in this article applies to:

Microsoft Internet Information Server version 3.0 ---------------------------------------------------------------------

SYMPTOMS

When a Microsoft Active Server Page (ASP) or HTML page redirects to another ASP or HTML page, and both pages are secured (no anonymous access), an entry is made in the Internet Information Server (IIS) log that indicates the anonymous user successfully accessed the second document.

RESOLUTION

Upgrade to Microsoft Internet Information Server version 4.0.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Internet Information Server version 3.0. This problem has been corrected in version Microsoft Internet Information Server version 4.0.

MORE INFORMATION

On Internet Information Server 4.0, the status code for is 401 (Access Denied, Unauthorized). On Internet Information Server 3.0, the status code is 200 (OK).

Additional query words: Security Logging produces access log entry
Keywords : iisgeneral kbbug3.00
Version : IIS:3.0
Platform : winnt
Hardware : ALPHA x86
Issue type : kbbug
Solution Type : kbfix

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: March 4, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.