Thread: UrlScan 3.0 Beta Feedback and Suggestions

Last post 08-21-2008 11:44 AM by wadeh. 18 replies.

Page 2 of 2 (19 items)

  • 08-13-2008, 4:25 PM In reply to

    Re: UrlScan 3.0 Beta Feedback and Suggestions

    One question for urlscan.ini:

    In sections [DenyUrlSequences] and [DenyQueryStringSequences], is the rule only for a single character, or can it be for words?

    For example, if I want to stop Delete, can I put it in section [DenyQueryStringSequences] on one line as

    DELETE    ; not allow any delete

  • 08-14-2008, 4:05 PM In reply to

    • wadeh
    • Top 50 Contributor
    • Joined on 04-19-2005, 10:17 PM
    • Posts 98

    Re: UrlScan 3.0 Beta Feedback and Suggestions

    It would be good to post new questions like this in a new thread, so that people could see the question in the subject (and find the answer in a response.)

    That said, the answer to this is that both of the sections above work with strings, so putting "delete" in the section will work as you intend.

    Thanks,
    -Wade

  • 08-20-2008, 10:05 AM In reply to

    • lunky
    • Not Ranked
    • Joined on 08-20-2008, 1:53 PM
    • Posts 1

    Re: UrlScan 3.0 Beta Feedback and Suggestions

    I can't seem to get UrlScan to log the original offending query string in a request blocked by a custom rule list. I think it's a bug... I don't know -- maybe I'm configuring it wrong.

    If UrlScan catches something in DenyQueryStringSequences, for example, it logs the rejection and shows the URL and the query string:

     [08-19-2008 - 11:28:58] Client at 999.999.999.999: QueryString contains sequence '%%3C', which is disallowed. Request will be rejected.  Site Instance='1', Raw URL='/root/Details.aspx', QueryString='Name=Peter&ID=J121V9823%%3Cbr%%3E'

    If it catches something in my [SQL Injection] rule list it shows only the URL:

    [08-19-2008 - 13:28:46] Client at 999.999.999.999: Rule 'SQL Injection' detected string '--' in the query string. Request will be rejected.  Site Instance='1', Raw URL='/root/Default.aspx'

    I'm running UrlScan 3.0 Beta / IIS 6 / Win2003 

    Any help or suggestions would be appreciated.

    Quinn.
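
Added example, not part of the original posts and not UrlScan's own code: a Python parser for the two rejection lines quoted in the post above that reports rejections which cite the query string but carry no QueryString field, so a log reviewer can see which blocked requests lost their payload. The function names are hypothetical, and the line layout is assumed from those two quoted lines only.

```python
import re

# The two rejection lines quoted in the post above, copied verbatim
# (999.999.999.999 is the poster's own redaction of the client address).
SAMPLE_LOG = (
    "[08-19-2008 - 11:28:58] Client at 999.999.999.999: QueryString contains "
    "sequence '%%3C', which is disallowed. Request will be rejected.  "
    "Site Instance='1', Raw URL='/root/Details.aspx', "
    "QueryString='Name=Peter&ID=J121V9823%%3Cbr%%3E'\n"
    "[08-19-2008 - 13:28:46] Client at 999.999.999.999: Rule 'SQL Injection' "
    "detected string '--' in the query string. Request will be rejected.  "
    "Site Instance='1', Raw URL='/root/Default.aspx'\n"
)

# Assumed layout: [timestamp] Client at <addr>: <reason>  <Name='value', ...>
LINE_RE = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\]\s+Client at (?P<client>\S+):\s+"
    r"(?P<reason>.*?Request will be rejected\.)\s+(?P<fields>.*)$"
)
# A value ends at a quote followed by ", " or end of line, so a quote inside
# the logged query string does not cut the value short.
FIELD_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)='(.*?)'(?=,\s|$)")


def parse_rejection(line):
    """Parse one rejection line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["fields"] = dict(FIELD_RE.findall(entry["fields"]))
    return entry


def missing_query_string(log_text):
    """Return rejections that cite the query string but log no QueryString field."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_rejection(line)
        if (entry and re.search(r"query\s?string", entry["reason"], re.I)
                and "QueryString" not in entry["fields"]):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in missing_query_string(SAMPLE_LOG):
        print(e["timestamp"], e["reason"], e["fields"].get("Raw URL"))
```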

  • 08-21-2008, 11:44 AM In reply to

    • wadeh
    • Top 50 Contributor
    • Joined on 04-19-2005, 10:17 PM
    • Posts 98

    Re: UrlScan 3.0 Beta Feedback and Suggestions

    With the release of UrlScan 3.0 today, I am going to go ahead and lock this thread.

    Please feel free to post questions or comments - including feature requests - regarding UrlScan to this forum.  The product team will continue to monitor and participate.

    Thanks,
    -Wade
