i tried to install UrlScan in IIS7 and i got the following error "IIS Metabase is required to install Microsoft UrlScan Filter v3.0" Is UrlScan meant for IIS7?

In our URLScan logs we get the following quite a bit - - - - - - - - - - - - - - - - - - - - - - - - #Software: Microsoft UrlScan 3.0 #Version: 1.0 #Date: 2008-09-04 01:01:20 - - - - - - - - - - - - - - - - - - - - - - - - Does anyone know if this means that UrlScan is recycling and we have a period...

Doing some testing, currently, and running into some issues with this. We've got a couple cases where things like 'cast' or 'open' are appropriate for our webpages. I've setup an AlwaysAllowedQueryStrings section: [AlwaysAllowedQueryStrings] branch=Openshaw branch=Newcastle+upon...

Hi Zhao, Thank you for your reply. I now understand how [AlwaysAllowedUrls] works and where the query string check is still performed on the allowed Urls. To clarify, here is what I would like to achieve. For instance, I would like the following 'url+query string' to be valid: http://www.domain...

Ive been trying to write a filter based on __VIEWSTATE but I can only get it to scan and filter based on the viewstate if I use ScanAllRaw=1 URLScan rule: [ViewState] AppliesTo=.asp,.aspx DenyDataSection=ViewState Strings ScanUrl=0 ScanAllRaw=1 ScanQueryString=0 ScanHeaders= [ViewState Strings] -- %3b...

I would like to allow a search page to accept all text in the query string. To do this I added the result page to the [AlwaysAllowedUrls]. One thing that is ambiguous from the documentation is if the [AlwaysAllowedUrls] settings also bypasses the custom rules and if the pages listed in [AlwaysAllowedUrls...

Rovastar, I can confirm that the workaround that KentZhou posted works. I have included below the contents of the RuleList section in the UrlScan.ini as I have it in my test box. After changing the rule though I issued an iisreset /restart command before I tested so the UrlScan.ini's settings were...

does URLScan look at http and https traffic?

My Urlscan.ini: [options] UseAllowVerbs=1 ; If 1, use [AllowVerbs] section, else use the ; [DenyVerbs] section. The default is 1. UseAllowExtensions=0 ; If 1, use [AllowExtensions] section, else ; use the [DenyExtensions] section. The ; default is 0. NormalizeUrlBeforeScan=1 ; If 1, canonicalize URL...

Hi! I have 2 questions: 1- I have a PHP aplication that have been blocked by URL Scan. My rule was set to .asp and .aspx , but URL Scan is still aplying the rule for my PHP aplication ( its a < that goes in the URL, so the log file report the %%3C ). I would like to know how do I configure URL Scan...