
Answered Thread: UrlScan 3.0 Querystring Scans Not Working For Me

Last post 10-31-2009 10:57 AM by odempsey. 19 replies.

Page 2 of 2 (20 items) < Previous 1 2

  • 09-09-2008, 1:15 PM In reply to

    • wadeh
    • Top 50 Contributor
    • Joined on 04-19-2005, 10:17 PM
    • Posts 112

    Answered Re: UrlScan 3.0 Querystring Scans Not Working For Me

    I have a repro of this problem and understand the root cause.

    The issue is with the filter API on IIS 5.1 where it is presenting an empty query string to UrlScan.  The problem does not affect IIS versions 6.0 and later.

    Unfortunately, this is not something that can be worked around by the user.  It will require a change to UrlScan to recognize IIS versions earlier than 6 and acquire the query string another way.

    Thanks,
    -Wade

  • 09-09-2008, 1:22 PM In reply to

    • tgorman
    • Not Ranked
    • Joined on 08-28-2008, 2:21 PM
    • Posts 7

    Re: UrlScan 3.0 Querystring Scans Not Working For Me

    Thanks, all, for your help.  I will use IIS 6 and later for now.

  • 09-09-2008, 2:23 PM In reply to

    Re: UrlScan 3.0 Querystring Scans Not Working For Me

    I'm glad we got that figured out. Thanks for both of your help.

  • 10-31-2009, 8:36 AM In reply to

    • odempsey
    • Not Ranked
    • Joined on 10-31-2009, 8:32 AM
    • Posts 2

    Re: UrlScan 3.0 Querystring Scans Not Working For Me

    Hi there, I am using URLScan 3.1, IIS 6.0 and Windows 2003 Server and I am having the same problem: everything is working except ScanQueryString. Does anybody know what could be causing it?

  • 10-31-2009, 10:57 AM In reply to

    • odempsey
    • Not Ranked
    • Joined on 10-31-2009, 8:32 AM
    • Posts 2

    Re: UrlScan 3.0 Querystring Scans Not Working For Me - Solution

    I couldn't get the ScanQueryString to work, so I put the values that I wanted to block in the QueryString below [DenyQueryStringSequences] as follows:

    [DenyQueryStringSequences]
    ;
    ; If any character sequences listed here appear in the query
    ; string for any request, that request will be rejected.
    ;

    <   ; Commonly used by script injection attacks
    >   ; Commonly used by script injection attacks
    --
    %3b ; a semicolon
    /*
    @ ; also catches @@
    char ; also catches nchar and varchar
    alter
    begin
    cast
    convert
    create
    cursor
    declare
    delete
    drop
    end
    exec ; also catches execute
    fetch
    insert
    kill
    open
    select
    sys ; also catches sysobjects and syscolumns
    table
    update

    Seems to be working OK now. I couldn't find this problem covered anywhere else, so if anyone has any further comments or suggestions, please reply here or contact oliver at barrowvale dot com forward slash contact dot asp

    Many Thanks

    Oliver
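
An added example, not part of the original thread and not UrlScan's own code: a small Python check that parses a [DenyQueryStringSequences] section like the one posted above and reports which entries would reject a given query string, so legitimate application URLs can be screened for false positives before the list is deployed. It assumes case-insensitive substring matching, and its `unescape` flag models the raw-plus-unescaped scan that UrlScan's UnescapeQueryString option enables; the sample query strings are constructed.

```python
import re
from urllib.parse import unquote

# Constructed excerpt of the section posted above (not a complete UrlScan.ini).
SAMPLE_INI = """\
[DenyQueryStringSequences]
; If any character sequences listed here appear in the query
; string for any request, that request will be rejected.
<   ; Commonly used by script injection attacks
--
%3b ; a semicolon
@ ; also catches @@
char ; also catches nchar and varchar
end
select
table
update
"""

def load_deny_sequences(ini_text, section="DenyQueryStringSequences"):
    """Return the entries of one section, dropping ';' comments."""
    entries, in_section = [], False
    for raw in ini_text.splitlines():
        # ';' starts a comment, which is why the list uses %3b for a semicolon.
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            in_section = header.group(1).lower() == section.lower()
        elif in_section:
            entries.append(line.lower())
    return entries

def matched_sequences(query_string, sequences, unescape=True):
    """List deny sequences found in the raw (and, if set, unescaped) query string."""
    forms = [query_string.lower()]
    if unescape:  # assumption: models UnescapeQueryString=1 (second, unescaped pass)
        forms.append(unquote(query_string).lower())
    return [s for s in sequences if any(s in f for f in forms)]

SEQUENCES = load_deny_sequences(SAMPLE_INI)

if __name__ == "__main__":
    # Constructed query strings of the kind a legitimate application might send.
    for qs in ["page=2&sort=name", "day=weekend", "email=user@example.com",
               "view=selected", "action=update_profile"]:
        hits = matched_sequences(qs, SEQUENCES)
        verdict = f"REJECT {hits}" if hits else "allow"
        print(f"{qs!r:35} {verdict}")
```

Short keywords such as `end`, `select` and `@` match inside ordinary values (`weekend`, `selected`, an e-mail address), so running real application URLs through a check like this shows which entries need tightening.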