I am seeing “Failed in VerifyRFC” errors in my SecureIIS logs. What is this and how does SecureIIS use it to protect my server?
RFC checking was introduced in SecureIIS 1.2.6. SecureIIS verifies that web clients are abiding by the “rules of the road” for web traffic. In some cases an attacker can manipulate the HTTP protocol to exploit a certain class of IIS vulnerability. HTTP manipulation can also be used to bypass certain security systems (such as IDSs), so SecureIIS will catch these incoming attacks even if they are not directly exploiting a hole in the web server. If you are seeing an abnormal number of VerifyRFC errors in your SecureIIS logs, chances are you are running a web-based application that is violating an RFC rule, and the SecureIIS log entry can help you track down the location of the problem.
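To show what RFC checking of this kind involves, the Python below applies a few HTTP/1.1 message-syntax rules from RFC 7230 to raw requests and reports each violation. It is an added example, not SecureIIS code, and the page does not list the rules SecureIIS actually enforces; the function name `verify_rfc` and the sample requests are constructed for this illustration.

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 "token"
VERSION = re.compile(r"HTTP/1\.[01]")

def verify_rfc(raw: bytes) -> list:
    """Return the RFC 7230 message-syntax violations in a raw HTTP/1.x request."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0].decode("latin-1")
    problems = []
    if re.search(r"(?<!\r)\n|\r(?!\n)", head):
        problems.append("bare CR or LF in message head")
    lines = re.split(r"\r\n|\r|\n", head)
    parts = lines[0].split(" ")
    if len(parts) != 3 or "" in parts:
        problems.append("request line is not 'method SP target SP version'")
    else:
        method, target, version = parts
        if not TOKEN.fullmatch(method):
            problems.append("method is not a token")
        if re.search(r"[\x00-\x20\x7f]", target):
            problems.append("control or whitespace character in request target")
        if not VERSION.fullmatch(version):
            problems.append("unsupported or malformed HTTP version")
    names = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            problems.append("obsolete line folding in header")
            continue
        name, sep, _ = line.partition(":")
        # Whitespace before the colon makes the name a non-token; parsers
        # disagree on such lines, which is why strict checking rejects them.
        if not sep or not TOKEN.fullmatch(name):
            problems.append("malformed header field name: %r" % name)
            continue
        names.append(name.lower())
    if lines[0].endswith("HTTP/1.1") and names.count("host") != 1:
        problems.append("HTTP/1.1 request without exactly one Host header")
    if "content-length" in names and "transfer-encoding" in names:
        problems.append("both Content-Length and Transfer-Encoding present")
    return problems

# Constructed sample requests (not taken from any real log).
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
BAD_SPACING = b"GET  /index.html HTTP/1.1\r\nHost : www.example.com\r\n\r\n"
BAD_FRAMING = (b"POST /app HTTP/1.1\nHost: www.example.com\n"
               b"Content-Length: 4\nTransfer-Encoding: chunked\n\nbody")

if __name__ == "__main__":
    for sample in (GOOD, BAD_SPACING, BAD_FRAMING):
        print(verify_rfc(sample) or "conforms")
```

Running the same checks against requests captured from your own web application is a quick way to see which rule a legitimate client is breaking.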