IIS-Redirect to Secured Page Produces Successful Anonymous Access Log Entry (178559)


The information in this article applies to:

  • Microsoft Internet Information Server 3.0
This article was previously published under Q178559


We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SYMPTOMS

When a Microsoft Active Server Page (ASP) or HTML page redirects to another ASP or HTML page, and both pages are secured (no anonymous access), an entry is made in the Internet Information Server (IIS) log that indicates the anonymous user successfully accessed the second document.

RESOLUTION

Upgrade to Microsoft Internet Information Server version 4.0.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Internet Information Server version 3.0. This problem has been corrected in version Microsoft Internet Information Server version 4.0.

MORE INFORMATION

On Internet Information Server 4.0, the status code for is 401 (Access Denied, Unauthorized). On Internet Information Server 3.0, the status code is 200 (OK).
Modification Type:MajorLast Reviewed:11/9/2005
Keywords:kbbug kbfix KB178559
©2004 Microsoft Corporation. All rights reserved.