WebApp Sec mailing list archives
RE: URL Scan for IIS
From: securityarchitect () hush com
Date: Sun, 23 Feb 2003 12:47:30 -0800
"blocks all known attacks"....wow thats a powerful statement ! Whats that based on ? Do I thow away my application IDS now then ;-) I could write bad code and this will stop it all then ? eeeek.... Unless I missed something the IIS lockdwon wizard selection doesn't change the URL scan ini file. It turns of services and mappings. If you select an html only site it will not map ASP etc as well as all the unmapping of htw, htr etc What I was really looking for was something more like by adding the < and > strings you can stop XSS.. My real question is this seems to be reversed to good practice for inout filtering, ie i want to say only allow this in the ini file and automaticaly block the meta-chars... On Sun, 23 Feb 2003 00:06:37 -0800 Maher Odeh <rax () netvision net il> wrote:
Regarding your question about URLScan... I am using this dll on all of our production servers, I have never seen a problem occurring after the installation. At the moment we have a procedure when it comes to installing a new server; URLScan is part of this procedure. I really recommend it... blocks all known attacks, you can restrict the url field to (length) and you can do more than that. The only problem with it, and I haven't figured out how it works, is: I have added a rule to block /com1 /com2 (dos devices) and it didn't, I still keep on getting the authorization window...

Regarding templates, when you extract iislockd you can see a bunch of templates for ASP, for OWA, SPS and more. If you have any questions, please ask.

Maher.

-----Original Message-----
From: securityarchitect () hush com [mailto:securityarchitect () hush com]
Sent: Sunday, February 23, 2003 6:55 AM
To: webappsec () securityfocus com
Subject: URL Scan for IIS

I just took a look at URL Scan and wondered if anyone has any comments as to its effectiveness? Also does anyone have a decent urlscan ini file of additional strings they are filtering that they would share for education?
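An added example, not part of the thread and not URLScan's code or ini syntax (rule values are my own, constructed for illustration): the deny-list model URLScan applies (URL length limit, forbidden sequences such as < and >, DOS device names like com1, checked after percent-decoding) beside the allow-list model the reply above asks for, so that an unanticipated request such as an unmapped .asp page is rejected by the allow-list while the deny-list lets it through.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed policy values for illustration (my own, not URLScan's ini syntax).
# Deny-list side, in the spirit of URLScan's length limit and forbidden sequences:
MAX_URL_LENGTH = 260
DENY_SEQUENCES = ("<", ">", "..", "\\", "\x00")
DOS_DEVICES = ({"con", "prn", "aux", "nul"} | {f"com{n}" for n in range(1, 10)}
               | {f"lpt{n}" for n in range(1, 10)})
# Allow-list side, the positive model the thread asks for: an HTML-only site
# serves directories and a few static file types made of plain characters.
ALLOWED_PATH = re.compile(
    r"^/(?:[A-Za-z0-9_-]+/)*(?:[A-Za-z0-9_-]+\.(?:html?|css|js|gif|jpe?g|png))?$")


def is_dos_device(segment: str) -> bool:
    # Windows maps COM1, com1.txt, "com1 ." and so on to the device whatever the
    # extension, so compare the lower-cased stem with trailing dots/spaces removed.
    stem = segment.split(".", 1)[0].rstrip(" .").lower()
    return stem in DOS_DEVICES


def has_device_segment(url: str) -> bool:
    # Decode first so an encoded name (%43OM1) is judged as what it becomes.
    segments = unquote(urlsplit(url).path).split("/")
    return any(is_dos_device(s) for s in segments if s)


def deny_list_verdict(url: str):
    # URLScan-style: reject what is known bad, let everything else through.
    if len(url) > MAX_URL_LENGTH:
        return "url too long"
    decoded = unquote(url)
    for seq in DENY_SEQUENCES:
        if seq in decoded:
            return f"denied sequence {seq!r}"
    if has_device_segment(url):
        return "dos device name"
    return None


def allow_list_verdict(url: str):
    # Positive model: accept only requests shaped like the site's own content.
    if len(url) > MAX_URL_LENGTH:
        return "url too long"
    parts = urlsplit(url)
    if parts.query or not ALLOWED_PATH.match(unquote(parts.path)):
        return "not in allow list"
    if has_device_segment(url):  # "/com1/" fits the pattern but names a device
        return "dos device name"
    return None
```

Both functions return None for an accepted request and a short reason string otherwise; compare the two verdicts for "/admin.asp" to see the difference between the models.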