Secure IIS


UrlScan 3.1

UrlScan 3.1 is a security tool that restricts the types of HTTP requests that IIS will process. By blocking specific HTTP requests, UrlScan 3.1 helps prevent potentially harmful requests from reaching applications on the server. UrlScan 3.1 is an update to UrlScan 2.5 and supports IIS 5.1, IIS 6.0 and IIS 7.0 on Windows Vista and Windows Server 2008.

Prevent potentially harmful requests from reaching Web applications

UrlScan 3.1 screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.


Mitigate SQL injection attacks

UrlScan 3.1 can be configured to filter HTTP querystring values and other HTTP headers to mitigate SQL injection attacks while the root cause is being fixed in the application.

Analyze Log Files

UrlScan 3.1 provides W3C formatted logs for easier log file analysis through log parsing solutions like Microsoft Log Parser 2.2.

Features

· New installer allows UrlScan 3.1 to be installed on IIS 5.1, IIS 6.0, and IIS 7.0

· Create "deny" rules that apply independently to the query string, all headers, or a particular header.

· A global DenyQueryString section in configuration lets you add deny rules for query strings with the option of checking the un-escaped version of the query string.

· A global AlwaysAllowedUrls section in configuration lets you specify safe URLs that will bypass all URL-based checks.

· A global AlwaysAllowedQueryStrings section in configuration lets you specify safe query strings that will bypass all query string checks.

· Escape sequences (e.g., %0A%0D) can be used in deny rules so it is possible to deny CRLF and other sequences involving non-printable characters.

· Multiple UrlScan instances can be installed as site filters, each with its own configuration and rules (UrlScan.ini).

· Configuration (UrlScan.ini) change notifications are propagated to IIS worker processes.

· Enhanced W3C formatted logging gives descriptive configuration errors in the Remarks header.
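
An added example, not taken from the original page or from the UrlScan.ini that ships with the tool: a fragment that combines the global sections from the list above with one custom deny rule for the query string, as a stopgap for the SQL injection case described earlier. The rule name, the allowed URL and the deny strings are assumptions chosen for illustration.

```ini
; Constructed example, not the shipped UrlScan.ini. The rule name, the
; allowed URL and the deny strings are assumptions for illustration.

[Options]
UnescapeQueryString=1        ; scan the raw and the un-escaped query string
RuleList=SqlInQuery          ; custom deny rule defined below

[AlwaysAllowedUrls]
/status/ping.htm             ; hypothetical URL that bypasses all URL-based checks

[AlwaysAllowedQueryStrings]
; left empty on purpose: no query string skips the checks below

; Global deny list for query strings, applied to every request.
[DenyQueryStringSequences]
<
>

[SqlInQuery]
AppliesTo=.asp,.aspx         ; only requests for these extensions
DenyDataSection=SqlInQuery Strings
ScanUrl=0
ScanAllRaw=0
ScanQueryString=1            ; this rule looks at the query string only
ScanHeaders=

[SqlInQuery Strings]
--
%3b                          ; semicolon, written as an escape sequence
/*
%0D%0A                       ; CRLF, deniable because escapes are allowed
exec
declare
```

Deny strings match as substrings, so a short keyword such as exec also rejects legitimate query strings that contain it; check the UrlScan log for rejected requests after enabling a rule like this.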

A snapshot of the UrlScan.ini file is already shown above.

Source
www.iis.net

Also see, for configuration of UrlScan:

Microsoft Support