You could remove the .jsp handler inside of IIS. You open the properties of the web site and then click the "Home Directory" tab and then "Configuration." It should show you all of the extensions being handled. I believe IIS 5 and 6 have teh same feature.
Teddy On 9/21/06, Eric Haskins <[EMAIL PROTECTED]> wrote: > > Hey Everyone, > > I am trying to get IIS to NOT send .jsp requests to CFMX. We are > getting dinged on our PCI Compliance scans because they hit our servers > with > a bunch of crap .jsp,.cgi,cfm to see what the server gives up. Well if you > are running standalone it will throw a "500 License Exception > Violation." PCI sees it as a disclosure > > Does anyone know if I can turn off jsp's on standalone?? > > -- > ~Eric > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:253774 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
