« Previous Next »

• 10-10-2008, 3:52 PM

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,929

  Use URLRewrite to help protect again certain sql injection attacks. Reply Contact Forgive me, I'm not a RegEx guru.  Is it possible to use URLRewrite with regex to 'black hole' a request based on some configured RegEX rules, for example sql injection text?  If the querystring contains CAST(, the rule would block the request?  URLScan 3.0 doesn't allow for RegEx rules.  I'm not certain the order of operations when running both URLRewrite and URLScan together.    Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 10-10-2008, 4:05 PM

  In reply to

  ruslany Joined on 07-01-2007, 3:38 PM Redmond, WA Posts 661	Re: Use URLRewrite to help protect again certain sql injection attacks. Reply Contact Yes, you can use URLRewrite to block requests that contain sql injection text in the URL path or query string. More details on comparizon of URL rewrite and Request Filtering is available here. http://ruslany.net
  	Tags: request filtering

• 10-10-2008, 5:39 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,929	Re: Use URLRewrite to help protect again certain sql injection attacks. Reply Contact Thanks for the article link. Does urlscan happen after request filter and potentially urlrewrite in the request pipeline? Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 10-13-2008, 4:44 PM

  In reply to

  ruslany Joined on 07-01-2007, 3:38 PM Redmond, WA Posts 661	Re: Use URLRewrite to help protect again certain sql injection attacks. Reply Contact If URLScan is installed on IIS7 it will run before the request filter and url rewriter. By default the relative order of execution of these three is: URLScan Request Filter URL Rewrite  http://ruslany.net
  	Tags: URLScan

• 10-14-2008, 12:35 PM

  In reply to

  ruslany Joined on 07-01-2007, 3:38 PM Redmond, WA Posts 661	Re: Use URLRewrite to help protect again certain sql injection attacks. Reply Contact I was corrected by Anil about the order of execution of these modules. By default the relative order of execution is: URLScan URLRewrite (executing rules defined in <globalRules> section) Request Filter URL Rewrite (executing rules defined in <rules> section)   http://ruslany.net
  	Tags: URL Rewrite Module

• 10-14-2008, 1:14 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,929

  Re: Use URLRewrite to help protect again certain sql injection attacks. Reply Contact Thank you Ruslan for posting this info.  It helps from a security perspective when looking at ways to help lockdown and block requests that are sql injection type.  Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget