Blocking unwanted requests [Answered]RSS

5 replies

Last post Oct 23, 2009 06:00 AM by rsloman

  • Blocking unwanted requests

    Oct 15, 2009 11:49 AM|rsloman|LINK

    Hello guys, long time IIS admin and forum browser, but first time poster!

    I'm currently working on a wildcard ISAPI extension to block unwanted (or undesirable) requests as I found URLScan didn't meet my needs, and while there are other options available out there I wanted a single more complete package so decided to write one.

    I've currently got it to the point where I'm happy for other people to "have a go" with it, details are at http://www.richardsloman.com/other/how_to_block_user_agents_in_iis.asp

    I'd appreciate any comments, positive or otherwise, ideas for what to add etc. It's currently tuned to my setup, but you can change the settings in the .cf files in notepad.

  • Rovastar Rovastar

    5482 Posts

    MVP

    Moderator

    Re: Blocking unwanted requests

    Oct 18, 2009 03:13 PM|Rovastar|LINK

    I haven't looked at this yet but you state (one of) the reason(s) for creating this is that URLScan 3.x cannot block Useragent strings.

    "This led me onto Microsoft's URLScan tool, which while it looked ideal wasn't able to block specific User-Agent strings, rendering it fairly useless."

    It can.

    http://blogs.iis.net/rakkimk/archive/2009/06/12/urlscan-rejecting-the-request-depending-on-the-user-agent-string.aspx

     

    Troubleshoot IIS in style
    https://www.leansentry.com/
  • Re: Blocking unwanted requests

    Oct 19, 2009 03:24 AM|rsloman|LINK

    I stand corrected! It certainly wasn't available when I first started developing my extension, and to be honest I didn't recheck the URLScan page to see if it had been added. I still suspect it won't be as powerful though.
  • Re: Blocking unwanted requests

    Oct 22, 2009 01:17 PM|leewilmott|LINK

    rsloman,

    This could be of interest to me.

    URLScan doesn't seem flexible enough.  I would like to block "ALL" User-Agent strings with the exception of ones I specify.  URLScan on the other hand only blocks specified User-Agent strings.

    Does your filter allow this?

    Lee

  • Re: Blocking unwanted requests

    Oct 22, 2009 02:06 PM|rsloman|LINK

    Hi Lee, It wouldn't allow you to do this at present, however I could add the facility to whitelist specific matching user agents. I must confess it doesn't strike me as a particularly good idea though. You could have a vanilla browser, whitelist it's user-agent string then go an install something that alters or extends that string (like the .net framework, or a helper object) and it would then be blocked.....
  • Re: Blocking unwanted requests

    Oct 23, 2009 06:00 AM|rsloman|LINK

    For those that are trying this I've uploaded a revised version (1.0.0.2). There's some speed increases and some new features (like scanning form data and referer) and I've added some documentation on the webpage about the possible commands and their uses.

    [link]http://www.richardsloman.com/other/IISDefender[/link]