microsoft / CSS-Exchange

Exchange Server support tools and scripts
MIT License

[Issue] BackendCookieMitigation.ps1 error #117

Closed galenklein closed 3 years ago

galenklein commented 3 years ago

Can you provide what version of IIS Rewrite Module or additional information? Is this expected behaviour?

Describe the issue: [ERROR] Unable to proceed on SBE-PZEXHYBRID, path to IIS URL Rewrite Module MSI not provided and module is not installed.

Expected behavior: This mitigation will filter https requests that contain malicious X-AnonResource-Backend and malformed X-BEResource cookies

Script Output:
[ERROR] Unable to proceed on SBE-PZEXHYBRID, path to IIS URL Rewrite Module MSI not provided and module is not installed.
At C:\utilities\zero day ioc tool\BackendCookieMitigation.ps1:94 char:13

Additional context: Exchange 2016 Hybrid server

bill-long commented 3 years ago

> [ERROR] Unable to proceed on SBE-PZEXHYBRID, path to IIS URL Rewrite Module MSI not provided and module is not installed.

That means you need to download the MSI and provide the path. Check out #101

erinIs1337 commented 3 years ago

Added guidance, please let me know if this resolves the concerns. Thanks!

LuMiSta commented 3 years ago

The script only checks if the en-US version of the IIS rewrite module is installed. If a different language version is installed it fails. If you try to run the script with the path to the msi-package it still fails, because another version of the msi is already installed.

br-itfe-dk commented 3 years ago

> Added guidance, please let me know if this resolves the concerns. Thanks!

You can add all the "guidance" as you want, but when the script is wrong, will do no good... IIS Rewrite Module 2.0 for older IIS has the GUID: {EB675D0A-2C95-405B-BEE8-B42A65D23E11}

cosine83 commented 3 years ago

> Added guidance, please let me know if this resolves the concerns. Thanks!
>
> You can add all the "guidance" as you want, but when the script is wrong, will do no good... IIS Rewrite Module 2.0 for older IIS has the GUID: {EB675D0A-2C95-405B-BEE8-B42A65D23E11}

Can confirm this finding. The MSI GUID the script checks is incorrect for the version of the URL Rewrite module for IIS 8.5 and below (7.2.2). After updating the script with the GUID I found in my registry (which matches the post above), the script ran without error. The script needs additional logic added to account for the different GUIDs.

designchris commented 3 years ago

It's not just about different versions of IIS/URL Rewrite module, but also about different languages. I had to change the GUID here too, as I'm using the German x64 version (de-DE x64) of URL Rewrite 2.1 (7.2.1993) on IIS 10/Server 2019. In this case the GUID is: {128E7B46-BFAF-48B5-B00B-D9E349FE9EFF}
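A check that does not depend on one hard-coded product code, as an added example that is not part of BackendCookieMitigation.ps1 or of the project's eventual fix. The two GUIDs are the ones reported in this thread; the function names, the display-name wildcard and the sample entries are assumptions made for illustration.

```powershell
# Added example; not code from BackendCookieMitigation.ps1.
# Product codes reported in this thread. Other language/version builds use other codes.
$KnownProductCodes = @(
    '{EB675D0A-2C95-405B-BEE8-B42A65D23E11}',  # URL Rewrite 2.0 for older IIS (from the thread)
    '{128E7B46-BFAF-48B5-B00B-D9E349FE9EFF}'   # de-DE x64 URL Rewrite 2.1 (from the thread)
)

function Get-UninstallEntry {
    # Reads installed-product registrations (64-bit view); MSI products are keyed by product code.
    Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
        Select-Object @{ Name = 'ProductCode'; Expression = { $_.PSChildName } }, DisplayName, DisplayVersion
}

function Find-UrlRewriteModule {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Entries,
        [string[]] $ProductCodes = $KnownProductCodes,
        # Assumption: the display name contains "IIS", "URL" and the major version "2".
        [string] $NamePattern = '*IIS*URL*2*'
    )
    foreach ($e in $Entries) {
        $byCode = $ProductCodes -contains $e.ProductCode
        $byName = $e.DisplayName -like $NamePattern
        if ($byCode -or $byName) {
            # Report how the entry was recognised so an unknown GUID can be added to the list.
            [pscustomobject]@{
                ProductCode = $e.ProductCode
                DisplayName = $e.DisplayName
                Version     = $e.DisplayVersion
                MatchedBy   = if ($byCode) { 'ProductCode' } else { 'DisplayName' }
            }
        }
    }
}

# Constructed sample entries (placeholder GUIDs and display names, not from a real host).
$sample = @(
    [pscustomobject]@{ ProductCode = '{128E7B46-BFAF-48B5-B00B-D9E349FE9EFF}'; DisplayName = '(constructed localized name)'; DisplayVersion = '7.2.1993' },
    [pscustomobject]@{ ProductCode = '{00000000-0000-0000-0000-000000000001}'; DisplayName = 'IIS URL Rewrite Module 2'; DisplayVersion = '7.2.1993' },
    [pscustomobject]@{ ProductCode = '{00000000-0000-0000-0000-000000000002}'; DisplayName = 'Unrelated Product'; DisplayVersion = '1.0' }
)
Find-UrlRewriteModule -Entries $sample | Format-Table -AutoSize

# On a server, check the live registry instead of the sample:
# Find-UrlRewriteModule -Entries @(Get-UninstallEntry)
```

An empty result on a server where the module is known to be installed means its product code and display name are both outside the lists above, which is the failure mode reported in this issue.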

YipYup commented 3 years ago

> Added guidance, please let me know if this resolves the concerns. Thanks!
>
> You can add all the "guidance" as you want, but when the script is wrong, will do no good... IIS Rewrite Module 2.0 for older IIS has the GUID: {EB675D0A-2C95-405B-BEE8-B42A65D23E11}

I can also confirm this is the case.

erinIs1337 commented 3 years ago

Thanks for the feedback and catching this one. This script should now support all language versions.

galenklein commented 3 years ago

Thanks for all the great feedback!

Galen W. Klein CJIS ITIL® Klein IT Consulting Services, LLC 1911 Wagon Wheel Cir. E. Tallahassee, FL 32317 Phone: 850-363-1133
