Updated URLScan Security Tool Released

URLScan Security Tool version 2.5
http://www.microsoft.com/technet/security/tools/tools/URLscan.asp

So far I've had little success using the executable provided by Microsoft to "automagically" update my existing URLScan 2.0-running web servers. So I've resorted to extracting the contents of the Setup.EXE (use Setup.EXE /C /T:D:\URLScan_25 for example) and then extracting urlscan.exe (contained in Setup.EXE) using urlscan.exe /X. This extracts all contents to the directory where urlscan.exe is located, so be careful you aren't doing this in your current, live URLScan 2.0 directory unless you want your urlscan.ini to be overwritten with the newfangled one - better to manually edit your ini.

Installing manually is easy...drop the new DLL in the old DLLs place (after stopping IIS of course), edit your ini with the new features you want, and then restart IIS. You don't have to take advantage of any of the new features, and I've found that it works great if just plunked into place...and you get that warm, fuzzy feeling that you have the latest and greatest version in place. :)

Here are the "new" features from version 2.0 (indicated with ***), which if you are manually editing your urlscan.ini's you should use: (compiled from the above URL as well as the urlscan.ini config file)

***Changing the Log File Directory
-LoggingDirectory

Use:

LoggingDirectory=D:\LogFiles\URLScan

---
***Logging Long URLs
-LogLongUrls

Use:

(under OPTIONS)
LogLongUrls=0

If 1, then up to 128K per request can be logged.
If 0, then only 1k is allowed.
---
***Restricting the Size of Requests
-RequestLimits
-MaxAllowedContentLength
-MaxUrl
-MaxQueryString

Use:

[RequestLimits]

;

; The entries in this section impose limits on the length

; of allowed parts of requests reaching the server.

;

; It is possible to impose a limit on the length of the

; value of a specific request header by prepending "Max-" to the

; name of the header.  For example, the following entry would

; impose a limit of 100 bytes to the value of the

; 'Content-Type' header:

;

;   Max-Content-Type=100

;

; To list a header and not specify a maximum value, use 0

; (ie. 'Max-User-Agent=0').  Also, any headers not listed

; in this section will not be checked for length limits.

;

; There are 3 special case limits:

;

;   - MaxAllowedContentLength specifies the maximum allowed

;     numeric value of the Content-Length request header.  For

;     example, setting this to 1000 would cause any request

;     with a content length that exceeds 1000 to be rejected.

;     The default is 30000000.

;

;   - MaxUrl specifies the maximum length of the request URL,

;     not including the query string. The default is 260 (which

;     is equivalent to MAX_PATH).

;

;   - MaxQueryString specifies the maximum length of the query

;     string.  The default is 2048.

;


MaxAllowedContentLength=30000000
MaxUrl=260
MaxQueryString=2048

-Eric




-----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at: 
http://www.securityfocus.com/AirDefense-focus-ms
------------------------------------------------------------------------------