UrlScan version 3.0 goes RTW

August 25, 2008 19:34 by author

With all the recent publicity over SQL Injection attacks, it looks as if Microsoft has pushed through and released urlscan 3.0 RTW.

UrlScan 3 looks at building on the features of UrlScan 2.5, which is built into IIS. The main feature that interests me is the ability to blacklist words, so whereas the recent SQL injection attacks contained words such as DECLARE,CAST,EXEC. You can configure UrlScan to block the request and redirect to a 404 page. Here's a good example.

And here's an in-depth article from the team at IIS.

Tags: iis, security, sql injection
Categories: IIS
Actions: E-mail | Kick it! | Permalink | comment

Comments (367) | RSS comment feed

Comment RSS

My Twitter

March 7. 22:32
My iPhone battery is running low again. I wonder if it could be related to my #ragdollblaster2 addiction?

March 2. 12:36
5 days to go! :)

March 1. 20:38
OMG no wonder there is dodgy programmers out there when MSDN has pages like this... http://tinyurl.com/ylzp36j

February 23. 20:43
woo just realised only 2 weeks till i start contracting... yey!

February 18. 01:11
Yey! Got tickets booked for opening night of Sydney comedy festival! :-)

Follow me on Twitter

Calendar

Mo	Tu	We	Th	Fr	Sa	Su
22	23	24	25	26	27	28
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31	1	2	3	4

View posts in large calendar

http://stevencasey.com/

UrlScan version 3.0 goes RTW

About the author

My Twitter

Calendar

Month List

Disclaimer

Mo	Tu	We	Th	Fr	Sa	Su
22	23	24	25	26	27	28
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31	1	2	3	4

Mo	Tu	We	Th	Fr	Sa	Su
22	23	24	25	26	27	28
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31	1	2	3	4

Mo	Tu	We	Th	Fr	Sa	Su
22	23	24	25	26	27	28
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31	1	2	3	4