WebApp Sec mailing list archives

RE: URL Scan for IIS


From: "Maher Odeh" <rax () netvision net il>
Date: Sun, 23 Feb 2003 10:06:37 +0200

Regarding your question about URLScan: I am using this DLL on all of our production servers, and I have never seen any 
problems occurring after the installation. At the moment we have a procedure for installing a new server, and URLScan 
is part of this procedure. I really recommend it ...

It blocks all known attacks, you can restrict the URL field (length), and you can do more than that. The only problem 
with it, and I haven't figured out how it works, is that I added a rule to block /com1 /com2 (DOS devices) and it 
didn't; I still keep getting the authorization window ...

Regarding templates: when you extract iislockd you can see a bunch of templates for ASP, for OWA, SPS and more. If you 
have any questions, please ask.


Maher .


-----Original Message-----
From: securityarchitect () hush com [mailto:securityarchitect () hush com]
Sent: Sunday, February 23, 2003 6:55 AM
To: webappsec () securityfocus com
Subject: URL Scan for IIS



I just took a look at URL Scan and wondered if anyone has any comments as to its effectiveness?

Also, does anyone have a decent urlscan ini file of additional strings they are filtering that they would share for 
education?


