IIS-Redirect to Secured Page Produces Successful Anonymous Access Log Entry

ID: Q178559

The information in this article applies to:

Microsoft Internet Information Server version 3.0

SYMPTOMS

When a Microsoft Active Server Page (ASP) or HTML page redirects to another ASP or HTML page, and both pages are secured (no anonymous access), an entry is made in the Internet Information Server (IIS) log that indicates the anonymous user successfully accessed the second document.

RESOLUTION

Upgrade to Microsoft Internet Information Server version 4.0.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Internet Information Server version 3.0. This problem has been corrected in version Microsoft Internet Information Server version 4.0.

MORE INFORMATION

On Internet Information Server 4.0, the status code for is 401 (Access Denied, Unauthorized). On Internet Information Server 3.0, the status code is 200 (OK).

Additional query words: Security Logging produces access log entry


Keywords          : 
Version           : IIS:3.0
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: April 30, 1999