00c - Disable the loopback adapter check or Specify loopback host names

You have two options for working with loopback checks, disabling or configuring. Disabling the loopback check increases your attack surface for security threats. As MS KB 896861 states, the loopback check "is designed to help prevent reflection attacks on your computer."

Option 1 - Disabling

Run this PowerShell script by Michael Blumenthal (note: copy and paste the script from the page - if you download the file, it has HTML markup which will throw an error)

Restart your server

Option 2 - Configuring

The more secure option is to specify host names that you would like to allow connections to from the browser on your server.

From http://support.microsoft.com/kb/896861:

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base: 281308 (http://support.microsoft.com/kb/281308/ ) Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
Quit Registry Editor, and then restart the IISAdmin service.

00c - Disable the loopback adapter check or Specify loopback host names

Labels

Comments (3)

Anonymous says:

pHil Rittenhouse says:

Jeremy Thake says: