RE: asp source code exposure

["Lehman, Jim" <JLehman () mail esignal com>]

I think Microsoft provides a tuil called url scan, but... it is behind a
F5 BigIP. I set an iRule to filter the regex. That fixed the issue

-----Original Message-----
From: foo () bar com [mailto:foo () bar com] 
Sent: Tuesday, May 30, 2006 11:17 AM
To: security-basics () securityfocus com
Subject: Re: asp source code exposure

Can't you use regular expressions and do URL filtering on the server
side with IIS? Apache has the functionality to match requests and filter
them accordingly, such as SetEnvIf Request_URI "REGEX" blah ? just scan
urls for the addition of :$DATA and boom your pretty safe.



 DISCLAIMER: This message (including any files transmitted with it) may contain confidential and/or proprietary 
information, is the property  of Interactive Data Corporation and/or its subsidiaries, and and is directed only to the 
addressee(s). If you are not the designated recipient or have reason to believe you received this message in error, 
please delete this message from your system and notify the sender immediately. An unintended recipient's disclosure, 
copying, distrbution, or use of this message or any attachements, is prohibited and may be unlawful.