DOCUMENT:Q178559 02-MAY-1999 [iis] TITLE :IIS-Redirect to Secured Page Logs Successful Anonymous Access PRODUCT :Internet Information Server PROD/VER:IIS:3.0 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server 3.0 ------------------------------------------------------------------------------- SYMPTOMS ======== When a Microsoft Active Server Page (ASP) or HTML page redirects to another ASP or HTML page, and both pages are secured (no anonymous access), an entry is made in the Internet Information Server (IIS) log that indicates the anonymous user successfully accessed the second document. RESOLUTION ========== Upgrade to Microsoft Internet Information Server version 4.0. STATUS ====== Microsoft has confirmed this to be a problem in Microsoft Internet Information Server version 3.0. This problem has been corrected in version Microsoft Internet Information Server version 4.0. MORE INFORMATION ================ On Internet Information Server 4.0, the status code for is 401 (Access Denied, Unauthorized). On Internet Information Server 3.0, the status code is 200 (OK). Additional query words: Security Logging produces access log entry ====================================================================== Keywords : Technology : kbiisSearch kbiis300 Version : IIS:3.0 Hardware : ALPHA x86 Issue type : kbbug Solution Type : kbfix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 1999.