The following section provides answers to frequently asked questions about UrlScan. Question: What is UrlScan? Answer: UrlScan is a security tool that screens all incoming requests to the server by filtering the requests based on rules that are set by...
Working with UrlScan
UrlScan is a security tool that restricts the types of HTTP requests that Microsoft Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan security tool helps prevent potentially harmful requests from reaching...
UrlScan primarily consists of two parts: the UrlScan ISAPI filter named UrlScan.dll, and a configuration file named UrlScan.ini. (Note: Some of the earlier versions of UrlScan contained an additional resource file named UrlScanr.dll.) Each version of...
Windows XP, Windows Server 2003, Windows Vista or Windows Server 2008. IIS version 5.1, 6.0 or 7.0 or above (depending on the platform). Installation Steps Run UrlScan v3.1 MSI installer for either x86 or x64 version depending on your platform. On succ...
Note: UrlScan 3.0 has been replaced by UrlScan 3.1. If you are using UrlScan 3.0, you should download and install the latest version. Microsoft released UrlScan 3.0 as a separate download, which added features to create filtering rules, to always allo...
Note: UrlScan 2.x has been replaced by UrlScan 3.1. If you are using UrlScan 2.x, you should download and install the latest version. The information on this page is presented for reference purposes. Microsoft released UrlScan 2.0 and UrlScan 2.1 as...
Note: UrlScan 1.0 has been replaced by UrlScan 3.1 and should not be used. If you are using UrlScan 1.0, you should download and install the latest version. The information on this page is included only as a reference. UrlScan 1.0 was the first versio...
This article provides a list of common usage scenarios for UrlScan Version 3.1, and how to enable the scenarios using the UrlScan.ini configuration. Creating Rules to Disallow String Patterns in Parts of Requests A new feature added for UrlScan Version...
Microsoft has released version 3.1 of UrlScan, and one of the great new features in this version is log files that conform to the W3C Extended Log File Format. What this means to administrators is that they can now parse their UrlScan activity using...
UrlScan, a security tool, was provided as an add-on to earlier versions of Internet Information Services (IIS) so administrators could enforce tighter security policies on their Web servers. Within IIS 7 and above, all the core features of URLScan have...
IIS 7.0 and above includes a request filtering module that is based on the URLScan ISAPI Filter for IIS 6.0. The module helps you tighten security of your Web servers. The IIS team has also released an add-on URL rewrite module for IIS, which provides...
Block unwanted or undesirable requests based on IP address (including RBL lookups), ASN, reverse pointer, request method, url, querystring, cookies, form data, referer and many more options. Constantly in development, current release is 1.0.0.6
The following ZIP file contains an ISAPI filter (including the source code) which allows you to modify the Server Header of IIS4/5/5.1/6 and 7.0. The Server Header is configurable via the .ini file in the same directory. An install script (install_filter.vbs) will install the filter in IIS. You a...
Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory. You tell Log Parser...
Security is always a consideration; it is critical to make careful security considerations when you implement and maintain your Web sites, infrastructure, and PHP applications. Internet Information Services 7 (IIS 7) and above offers many ways to confi...
SPF is an application security module designed for Microsoft IIS web servers. SPF uses cryptography to dynamically secure embedded application parameters from manipulation at runtime. These parameters typically include Query String variables, non-editable HTML Form Inputs, Browser Cookies, and ot...
Introduction Microsoft released a new WebDAV extension module that was completely rewritten for Internet Information Services 7.0 (IIS 7.0) on Windows Server® 2008. This new WebDAV extension module incorporated many new features that enable web authors...
The <requestLimits> element specifies limits on HTTP requests that are processed by the Web server. These limits include the maximum size of a request, the maximum URL length, and the maximum length for a query string. In addition, the <requestLimits> element can contain a collection...
The <add> element of the <alwaysAllowedQueryStrings> element specifies a unique query string pattern that request filtering will allow. The values in the <alwaysAllowedQueryStrings> element override the values in the <denyQueryStringSequences> collection.
The <add> element of the <denyQueryStringSequences> element specifies a unique sequence of query string characters that IIS will deny, which helps prevent attacks on the Web server that use the query string to deliver the attack payload. Note: You can override the query string sequen...
The <denyStrings> element of the <filteringRule> element defines a collection of strings for which a request filtering rule applies. The <denyStrings> element contains a series of <add> elements, each of which specifies a unique string to add to the collection.
The <alwaysAllowedQueryStrings> element specifies a collection of query strings that request filtering will always allow. The <alwaysAllowedQueryStrings> element contains a collection of <add> elements that specify query string patterns that request filtering will allow, which o...
The <denyQueryStringSequences> element contains a collection of <add> elements that specify sequences of query string characters that IIS will deny, which helps prevent attacks on the Web server that use the query string to deliver the attack payload. Note: You can override the query...
Internet Information Services 7.0 (IIS 7.0) and above is the Web server platform for the Windows Vista™ operating system. IIS 7.0 and above introduces many changes from earlier versions of IIS. These changes can affect the way users interact with IIS e...
The <add> element of the <fileExtensions> collection specifies a unique file name extension to add to the collection of file name extensions for Internet Information Services (IIS) 7. Note: When request filtering blocks an HTTP request because of a denied file name extension, IIS 7 w...
The <add> element of the <scanHeaders> element adds a unique HTTP header to the collection of HTTP headers that a request filtering rule will scan for strings that are specified in the <denyStrings> collection.
The <add> element of the <hiddenSegments> collection specifies a unique URL segment to add to the collection of hidden segments for Internet Information Services (IIS) 7. Note: When request filtering blocks an HTTP request because of a hidden URL segment, IIS 7 will return an HTTP 40...
The <add> element of the <alwaysAllowedUrls> element specifies a unique URL that request filtering will always allow. The <alwaysAllowedUrls> element contains a collection of URLs that request filtering will allow, which override the values in the <denyUrlSequences> collectio...
The <fileExtensions> element contains a collection of <add> elements that specify unique file name extensions that IIS will either allow or deny, depending on how each <add> element is defined. By using the <fileExtensions> element, you can fine-tune the types of content t...
The <appliesTo> element of the <filteringRule> element defines a collection of file name extensions to which a request filtering rule applies. The <appliesTo> element contains a series of <add> elements, each of which specifies a unique file name extension to add to the co...
The <hiddenSegments> element contains a collection of <add> elements that identify certain URLs IIS 7 will make inaccessible to clients. For example, on Web servers that are hosting ASP.NET content, IIS 7 blocks several of the ASP.NET-related paths for you; Web.config, bin, App_Code,...
The <add> element of the <denyStrings> element adds a unique string to the collection of strings which a request filtering rule will deny.
The <headerLimits> element of the <requestFiltering> collection contains a collection of <add> elements that specify the maximum size in bytes for HTTP headers. Note: When request filtering blocks an HTTP request because an HTTP request exceeds the header limits, IIS 7 will ret...
This article contains the following: Reduced Surface Area Simplified Security Management Security Enhancements Reduced Surface Area IIS 6.0 introduced the lockdown by default approach. This was a significant shift from previous versions of IIS which in...
The <add> element of the <denyUrlSequences> collection specifies a unique sequence of characters to add to the collection of denied URL sequences for Internet Information Services (IIS) 7. For example, using two periods in a URL ("..") will instruct a server to process the URL in the...
The <add> element of the <headerLimits> collection specifies the maximum size limit for an HTTP header. Note: When request filtering blocks an HTTP request because an HTTP request exceeds the header limits, IIS 7 will return an HTTP 404 error to the client and log the following subst...
The <alwaysAllowedUrls> element contains a collection of <add> elements that specify URLs that request filtering will allow, which override the values in the <denyUrlSequences> collection.
You can find the original Top 10 Changes in IIS 7.0 post on Technet. 1. Simple, configurable command line setup Install only the IIS components needed to run your site Example: start /w pkgmgr /l:log.etw /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonH...
The <add> element of the <appliesTo> element adds a unique file name extension to the collection of file name extensions to which a request filtering rule applies.
The <add> element of the <verbs> collection specifies a unique HTTP verb to add to the collection of verbs that are allowed or denied for Internet Information Services (IIS) 7. Note: When request filtering blocks an HTTP request because of a denied HTTP verb, IIS 7 will return an...
The <scanHeaders> element of the <filteringRule> element defines a collection of HTTP headers that a request filtering rule will scan for strings that are specified in the <denyStrings> collection. The <scanHeaders> element contains a series of <add> elements, each o...
The <verbs> element specifies which HTTP verbs are allowed or denied to limit the type of HTTP requests that are allowed by the Web server. Note: When request filtering blocks an HTTP request because of a denied HTTP verb, IIS 7 will return an HTTP 404 error to the client and log the follo...
Request Filtering is a built-in security feature that was introduced in Internet Information Services (IIS) 7.0, and replaces much of the functionality that was available through the UrlScan add-on for IIS 6.0. All of the settings for the request filtering feature are located within the <reque...
The <denyUrlSequences> element contains a collection of <add> elements that specify sequences of URL characters that IIS will deny, which helps prevent URL-based attacks on the Web server. For example, using two periods in a URL ("..") will instruct a server to process the URL in the...
Apache Hypertext Transfer Protocol (HTTP) Server and Internet Information Services are two of the world’s most popular Web servers. This article provides technical information about IIS for users who are familiar with Apache. The article compares the a...
The <filteringRule> element adds a rule to the collection of custom request filtering rules in the <filteringRules> element. Each <filteringRule> element specifies a collection of custom attributes and elements that define the request filtering behavior based on user-defined cri...
The <filteringRules> element specifies a collection of custom request filtering rules. This element allows administrators to create customized filtering rules for their server that extend the basic functionality of the request filtering feature. Each <filteringRule> element specifies...
Introduction Microsoft has created a new WebDAV extension module that has been completely rewritten for Internet Information Services 7.0 (IIS 7.0) on Windows Server® 2008. This new WebDAV extension module incorporates many new features that enable web...
Internet Information Services (IIS) 7 and above provides a request-processing architecture that includes: The Windows Process Activation Service (WAS), which enables sites to use protocols other than HTTP and HTTPS. A Web server engine that can be cust...