I've always been a fan of URLScan, originally part of the IIS Lockdown Tool, as it gave tremendous flexibility in URL filtering across different IIS versions that didn't have these capabilities natively built in. Sure, you lost a bit of performance running the ISAPI-based filter, but you mitigated so many port 80/443 HTTP attacks that running URLScan made me sleep better at night.
Well, now there's an update, and it's separated from the IIS Lockdown Tool, so you can just take the ISAPI filter and install it in IIS 6.0 and 7.0. Oh yes, you can use it with IIS 7.0 too. "But wait," I hear you all say, "doesn't IIS 7.0 already include URL filtering as part of the request filtering module?" Yep, sure does, but IIS 7.0's request filtering module won't allow you to do filtering based on query strings, whereas URLScan 3.0 will, so until there's an update for the request filtering module, here's a great workaround. Oh, one more thing: URLScan 3.0 can specify rules that apply to multiple parts of an HTTP request in a single entity. Nice. BTW, if you do implement this in IIS 7.0, let me know how it goes. I would love to hear of your experiences.
All you need to know about URLScan 3.0 and the downloads are on IIS.net. Enjoy and sleep tight. ;-)
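
As an added illustration (not from the original post or from Microsoft's own samples), here is a UrlScan.ini fragment showing the two URLScan 3.0 features mentioned above: query-string filtering, and a single rule that scans more than one part of the request. The rule name, the data section name and the deny strings are constructed for the example.

```ini
; Added example: UrlScan.ini fragment for URLScan 3.0.
; Rule name, section names and deny strings are constructed for illustration.

[Options]
; Scan each query string twice: once raw and once after unescaping %xx sequences.
UnescapeQueryString=1
; Comma-separated list of custom rule sections to load.
RuleList=QueryStringInjection

[DenyQueryStringSequences]
; Global list: reject any request whose query string contains one of these.
<
>

[QueryStringInjection]
; One rule that applies to two parts of the request (URL and query string).
; Only requests for these extensions are checked by this rule.
AppliesTo=.asp,.aspx
; Name of the section holding the strings this rule denies.
DenyDataSection=QueryStringInjectionStrings
ScanUrl=1
ScanAllRaw=0
ScanQueryString=1
; No request headers are scanned by this rule.
ScanHeaders=

[QueryStringInjectionStrings]
; Constructed sample deny strings; tune these against real application traffic.
--
/*
declare
exec
```

Short deny strings such as these can reject legitimate requests, so check the UrlScan log on a test site before turning the rule on in production.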