Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > webappsec > 03 > 020472.html (Request Expert securityfocus.com Support)

RE: URL Scan for IIS

From: Maher Odeh <rax(at)netvision.net.il>
Date: Sun Feb 23 2003 - 03:06:37 EST


regarding your question about URLScan ... i am using this dll on all of our production servers , i never seen a problems accruing after the installation at the moment we have a procedure when it comes to install a new server, URLScan is part of this procedure, i really recommend it ...

blocks all known attacks, you can restrict the url field to ( length ) and you can do more than that, the only problem with it and haven't figured out how it work is , i have added a rule to block /com1 /com2 ( dos devices ) and it didn't , i still keep on getting the authorization window ...

regarding templates, when you extract iislockd you can see a bunch of templates for ASP for OWA SPS and more , if you have any questions, please ask .

Maher .

-----Original Message-----
From: securityarchitect@hush.com [mailto:securityarchitect@hush.com] Sent: Sunday, February 23, 2003 6:55 AM
To: webappsec@securityfocus.com
Subject: URL Scan for IIS

I just took a lok at URL Scan and wondered if anyone has any comments as to its effectiveness ?

Also does anyone have a decent urlscan ini file of additional strings they are filtering that would share for education ?

Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2

Do you need help?X

Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 Received on Sun Feb 23 14:20:47 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library