Microsoft URLscan Web Application Firewall (WAF)
URL Scan is a plug into IIS that allows for request based filtering (Not signature based) of incoming requests. By enabling some of these filters it is possible to prevent exploitation of known, or new unpublished vulnerabilities. Additional information on 'Web Application Firewalls' can be answered at our What is a Web Application Firewall FAQ Page.
Download
URL Scan Homepage
MSDN Articles
How To: Use URLScan, 2003
How to Configure the URLScan Tool (Support Q326444)
HOW TO: Mask IIS Version Information from Network Trace and Telnet (Support 317741)
Securing Your Web Server, 2004
Improving Web Application Security: Threats and Countermeasures Chapter 16 - Securing Your Web Server
How to Configure URLScan to Protect ASP.NET Web Application (Support 815155)s
HOW TO: Lock Down an ASP.NET Web Application or Web Service (Support 815145)
How To Use URLScan with FrontPage 2003 (Support 825538)
How to use URLScan with FrontPage 2002 (Support 318290)
How to use URLScan with FrontPage 2000 (Support 309394)
IIS lockdown and URLscan configurations in an Exchange environment (Support 309508)
How To Secure Your Developer Workstation
Other MSDN URLScan Articles
Articles
Preventing Log Evasion in IIS, By Robert Auger 2005
Protect Your IIS Server with URLScan , 2000
Other
Google News URLScan Help Results
NewsGroups:
microsoft.public.inetserver.iis.security
microsoft.public.inetserver.iis
microsoft.public.inetserver.misc
microsoft.public.win2000.security
microsoft.public.win2000.advanced_server
microsoft.public.security
microsoft.public.windowsxp.security_admin
Robert,
I don't think URLscan is a WAF. I call this kind "HTTP aware IPS".
~ Ofer
Posted by: Ofer Shezaf | Feb 23, 2009 8:54:43 AM