Beruflich Dokumente
Kultur Dokumente
Page 1 of 3
TechNet Home > Products & Technologies > Servers > ISA Server TechCenter Home > ISA Server 2004 > Technical Library > Configuration and Administration
Introduction
HTML forms in a Web page allow the collection of user information. RFC 1867 defines a number of extensions that allow users to submit files with HTML forms. Forms are often processed so that submitted files are uploaded and stored on the disk of the Web server. The RFC extends the input types and attributes that are necessary for a file upload feature, including:
Adds a FILE option for the TYPE attributes of the HTML INPUT tag. Allows an ACCEPT attribute for the INPUT tag, which is a list of media type or type patterns allowed for the input. Defines a new MIME type: multipart/form-data, and specifies the behavior of HTML user agents when interpreting a form with ENCTYPE="multipart/form-data", and/or <INPUT type="file"> tags.
For example, the author of an HTML form might use the following to request one or more files from a user (example from RFC).
FORM ENCTYPE="multipart/form-data" ACTION="_URL_" METHOD=POST> File to process: <INPUT NAME="userfile1" TYPE="file"> <INPUT TYPE="submit" VALUE="Send File"> </FORM> For more detailed information, see RFC 1867: Forms-based File Upload in HTML. Typically, when a browser encounters an INPUT tag of type FILE, it allows users to specify a file, and provides a Browse button for file selection. When the form is submitted, file contents are included in the data sent, as defined by the specification of the multipart/form-data data type (data format, data encoding).
Top of page
2.
For ISA Server 2004 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2004, expand Arrays, expand Array_Name, and then click Firewall Policy. For ISA Server 2004 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2004, expand Server_Name, and then click Firewall Policy.
In the details pane, click the access rule that allows traffic from the source for which you want to block HTML form file uploads.
http://www.microsoft.com/technet/isa/2004/plan/block_forms.mspx?pf=true
21. 1. 2007
Microsoft TechNet: How to Block the Signature for HTML Forms File Upload
Page 2 of 3
3. 4. 5.
On the Tasks tab, click Edit Selected Rule. On the Protocols tab, click Filtering, and then click Configure HTTP. On the Signatures tab, click Add.
6.
7. 8. 9.
In Name, specify a name to identify the signature. In Description, optionally type a description to help you easily identify the signature. In Search in, click the drop-down list, and select Request headers. In HTTP header, type Content-Type:. In Signature , type multipart/form-data.
Click OK to close the Signature dialog box. Click OK to close the Configure HTTP policy for rule dialog box. Click Apply to apply the firewall policy change.
Top of page
Additional Information
For more information about other signatures that you may want to block, see Common Application Signatures at the Microsoft TechNet Web site. For more information about filtering access rules, see HTTP Filtering in ISA Server 2004 at the Microsoft TechNet Web site.
Top of page
http://www.microsoft.com/technet/isa/2004/plan/block_forms.mspx?pf=true
21. 1. 2007
Microsoft TechNet: How to Block the Signature for HTML Forms File Upload
Page 3 of 3
Manage Your Profile 2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
http://www.microsoft.com/technet/isa/2004/plan/block_forms.mspx?pf=true
21. 1. 2007