We need to hide the server header in HTTP respones. When I set the urlscan parameter, Removeserverheader to 1, the server header is not present in an HTTP response test. However, when the url for the login page to our site is accesed, a Page Cannot be Found error page displays with HTTP 400 bad request...

Hello, Any way to deploy URLscan manually on a Windows 2008 core server build, installs ok on a Windows 2008 standard server, both being 32-bit builds. The URLscan.msi file gives access denied on the core server version. TIA, Shamus

Hi, I try to build a filter on user-agent with URLScan for IIS6. The goal is to authorize a part of my website only for a unique specific user-agent. For the url http://127.0.0.1 there is no filter. But for the url http://172.0.0.1/MyFolder , I need to build a filter on XML files to protect them. The...

Hi, Is there a possibility to add wildcards to AlwaysAllowedUrls? For example, i have a folder with dots in it's name: '/some.folder/' and a lot of files in it. All files in this folder are blocked by UrlScan...

Hi everyone, I've been tasked to test URLScan 3.1 on an IIS 6.0. I have installed and configured according to setup instructions and added the SQL Injection rule. It works but only, it seems, at root level. For example, when testing a simple login page at the top level i.e. www.somesite.com/login...

I have IIS on my web servers log to a central server. To do this I followed the following links: Configuring IIS to Log Data on a Remote Share: http://technet.microsoft.com/en-us/library/cc757377.aspx Setting Up a Null Session for Cross-Domain Logging: http://technet.microsoft.com/en-us/library/cc728059...

If URLScan is installed on IIS7 it will run before the request filter and url rewriter. By default the relative order of execution of these three is: URLScan Request Filter URL Rewrite

Does anyone know if there is a way to have URLSCAN only log what it would block? We'd like to use on a production server, but we don't want to actually block requests until we've tuned the ruleset. We do have a development server, but I can't guarantee testing there would cover 100% of...

Did you check the security permissions at the E:\logfiles folder (if you have not created the UrlScan folder under it) or the E:\logfiles\UrlScan folder itself (if you did create it)? According to the UrlScan setup page: Make sure that IIS worker processes have write permissions to this folder. For IIS...

I'm using UrlScan 3.0 on IIS 6.0 (IIS 7.0 is not an option). I need to block all requests for URLs which contain "NR" as a path segment: http://localhost/ NR /.... Here's my UrlScan.ini file (most settings are the defaults, changes are in italics, things I think are significant are...