IIS 5 & IIS 6
Blocking unwanted requests
Last post Oct 23, 2009 06:00 AM by rsloman
Oct 15, 2009 11:49 AM|rsloman|LINK
Hello guys, long time IIS admin and forum browser, but first time poster!
I'm currently working on a wildcard ISAPI extension to block unwanted (or undesirable) requests as I found URLScan didn't meet my needs, and while there are other options available out there I wanted a single more complete package so decided to write one.
I've currently got it to the point where I'm happy for other people to "have a go" with it, details are at http://www.richardsloman.com/other/how_to_block_user_agents_in_iis.asp
I'd appreciate any comments, positive or otherwise, ideas for what to add etc. It's currently tuned to my setup, but you can change the settings in the .cf files in notepad.
Oct 18, 2009 03:13 PM|Rovastar|LINK
I haven't looked at this yet but you state (one of) the reason(s) for creating this is that URLScan 3.x cannot block Useragent strings.
"This led me onto Microsoft's URLScan tool, which while it looked ideal wasn't able to block specific User-Agent strings, rendering it fairly useless."
Oct 19, 2009 03:24 AM|rsloman|LINK
Oct 22, 2009 01:17 PM|leewilmott|LINK
This could be of interest to me.
URLScan doesn't seem flexible enough. I would like to block "ALL" User-Agent strings with the exception of ones I specify. URLScan on the other hand only blocks specified User-Agent strings.
Does your filter allow this?
Oct 22, 2009 02:06 PM|rsloman|LINK
Oct 23, 2009 06:00 AM|rsloman|LINK
For those that are trying this I've uploaded a revised version (22.214.171.124). There's some speed increases and some new features (like scanning form data and referer) and I've added some documentation on the webpage about the possible commands and their uses.