WebApp Sec mailing list archives
RE: URL Scan for IIS
From: "Maher Odeh" <rax () netvision net il>
Date: Sun, 23 Feb 2003 10:06:37 +0200
regarding your question about URLScan ... i am using this dll on all of our production servers , i never seen a problems accruing after the installation at the moment we have a procedure when it comes to install a new server, URLScan is part of this procedure, i really recommend it ... blocks all known attacks, you can restrict the url field to ( length ) and you can do more than that, the only problem with it and haven't figured out how it work is , i have added a rule to block /com1 /com2 ( dos devices ) and it didn't , i still keep on getting the authorization window ... regarding templates, when you extract iislockd you can see a bunch of templates for ASP for OWA SPS and more , if you have any questions, please ask . Maher . -----Original Message----- From: securityarchitect () hush com [mailto:securityarchitect () hush com] Sent: Sunday, February 23, 2003 6:55 AM To: webappsec () securityfocus com Subject: URL Scan for IIS I just took a lok at URL Scan and wondered if anyone has any comments as to its effectiveness ? Also does anyone have a decent urlscan ini file of additional strings they are filtering that would share for education ? Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Current thread:
- URL Scan for IIS securityarchitect (Feb 22)
- <Possible follow-ups>
- RE: URL Scan for IIS Maher Odeh (Feb 23)
- RE: URL Scan for IIS securityarchitect (Feb 23)
- Re: URL Scan for IIS Bryon Gloden (Feb 28)
- Re: URL Scan for IIS Bryon Gloden (Feb 28)
- Re: URL Scan for IIS Skill2die4 (Mar 06)