IIS May Permit Clients with an Unresolved IP Address to Connect

• Microsoft Internet Information Server version 4.0

SYMPTOMS

When using IIS IP and Domain Restrictions to deny clients by a specific domain name, a client with an IP address that IIS cannot resolve will still be allowed to connect. The client may request content over this connection for the duration of the session. If the client makes a request over a different connection, it will be properly denied, and will receive a 403 error that the IP address is not allowed.

RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

   Date      Time                 Size    File name     Platform
   -------------------------------------------------------------
   09/16/99  12:40PM              322KB   asp.dll       x86
   09/16/99  12:38PM              043KB   coadmin.dll   x86
   09/16/99  12:39PM              011KB   ftpctrs2.dll  x86
   09/16/99  12:39PM              080KB   ftpsvc2.dll   x86
   09/16/99  11:49PM              012KB   httpext.h     x86
   09/16/99  12:38PM              018KB   iisadmin.dll  x86
   09/16/99  12:38PM              062KB   iislog.dll    x86
   09/16/99  12:38PM              017KB   infoadmn.dll  x86
   09/16/99  12:38PM              181KB   infocomm.dll  x86
   09/16/99  12:38PM              029KB   iscomlog.dll  x86
   09/16/99  12:39PM              011KB   iwrps.dll     x86
   09/16/99  12:37PM              070KB   metadata.dll  x86
   09/16/99  12:38PM              051KB   nsepm.dll     x86
   09/16/99  12:39PM              015KB   w3ctrs.dll    x86
   09/16/99  12:39PM              224KB   w3svc.dll     x86
   09/16/99  12:38PM              086KB   wam.dll       x86

   09/16/99  03:40PM              537KB   asp.dll       alpha
   09/16/99  03:38PM              076KB   coadmin.dll   alpha
   09/16/99  03:39PM              017KB   ftpctrs2.dll  alpha
   09/16/99  03:40PM              124KB   ftpsvc2.dll   alpha
   09/16/99  03:40PM              028KB   iisadmin.dll  alpha
   09/16/99  03:40PM              110KB   iislog.dll    alpha
   09/16/99  03:40PM              026KB   infoadmn.dll  alpha
   09/16/99  03:40PM              181KB   infocomm.dll  alpha
   09/16/99  03:40PM              297KB   iscomlog.dll  alpha
   09/16/99  03:40PM              017KB   iwrps.dll     alpha
   09/16/99  03:40PM              129KB   metadata.dll  alpha
   09/16/99  03:40PM              051KB   nsepm.dll     alpha
   09/16/99  03:40PM              021KB   w3ctrs.dll    alpha
   09/16/99  03:40PM              377KB   w3svc.dll     alpha
   09/16/99  03:40PM              146KB   wam.dll       alpha 

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/IIS40/hotfixes-postSP6/security/IPRFTP-fix/

STATUS

Microsoft has confirmed this to be a problem in Internet Information Server 4.0.

MORE INFORMATION

For related information on this problem, please visit the following Microsoft Web site:

http://www.microsoft.com/security/bulletins/

http://www.microsoft.com/security/

Additional query words:

Keywords : kbDSupport kbIIS kbfix kbiis400
Version : winnt:4.0
Platform : winnt
Issue type : kbbug