Microsoft URLScan tool
Sep 16, 2001 | Q

Has anyone installed and used Microsoft’s URLScan Security Tool? It’s billed as an IIS filter that pre-scans all incoming URL requests for potential security compromises (e.g., characters that don’t belong requested address, and that sort of thing), but I wonder if it works, and what kind of impact it has on the web server. If you’ve used it, I’d appreciate it if you’d let me know what your experience has been.

Comments

BTW, I installed this, and I like it; it is an ISAPI filter, and it has various rules (all pre-set) that you can turn on and off. Take my advice, though, and turn off logging in its INI file; the logs that it generates can get huge, and they don’t roll over by day like the IIS logs do.

• Posted by: Jason Levine on Sep 18, 2001, 10:05 PM
Please note that comments automatically close after 60 days; the comment spammers love to use the older, rarely-viewed pages to work their magic. If comments are closed and you want to let me know something, feel free to use the contact page!