« Previous Next »

Thread: URLScan 3.1 help

Last post 03-12-2009 8:50 AM by Rovastar. 1 replies.

Average Rating Rate It (5)

RSS

Page 1 of 1 (2 items)

Sort Posts:

Shortcuts

Search | Active Posts | Unanswered Posts | View all users

  • 03-10-2009, 1:37 PM

    URLScan 3.1 help

    Reply Contact

    Hi everyone,

     I've been tasked to test URLScan 3.1 on an IIS 6.0.  I have installed and configured according to setup instructions and added the SQL Injection rule.  It works but only, it seems, at root level.

    For example, when testing a simple login page at the top level i.e.  www.somesite.com/login.asp , URLScan catches SQL Injection and logs accordingly. However, for a subdirectory i.e. www.somesite.com/level1/feedback/feedback.asp, tested SQL Injection gets thru and it is not logged.

    I have tried URLScan as a global and site level ISAPI Filter, both ways produce the above results.  Any ideas?
    Tags:

  • 03-12-2009, 8:50 AM In reply to

    Re: URLScan 3.1 help

    Reply Contact

    Do other urlscan properties function or it just the rules?

    I cannot think of anything in the urlscan ini file that could explain your behaviour but post it anyway maybe there is something in there.

     

    http://www.iisportal.com
Page 1 of 1 (2 items)
Microsoft Communities