WebApp Sec mailing list archives

Re: URL Scan for IIS

From: "Bryon Gloden" <glodenb () groupwise wmich edu>
Date: Fri, 28 Feb 2003 09:40:52 -0500

URL Scan is a must have for IIS.

We installed it about six months ago and are using the default
*.ini file.  The only annoyance was that we had a lot of html
#include files that had a ".." in the path.  URL Scan doesn't allow
".." so we had to change from paths.  Other than that, it's a good
start.

BTW, if you install BlackIce Server Protector, it also stops a few
more things from reaching IIS.

cheers,
Bryon

Bryon Gloden
Auxiliary Enterprises
Western Michigan University
phone://269.387.3370
email://glodenb () groupwise wmich edu
http://auxe.wmich.edu/

Current thread:

URL Scan for IIS securityarchitect (Feb 22)
- <Possible follow-ups>
- RE: URL Scan for IIS Maher Odeh (Feb 23)
- RE: URL Scan for IIS securityarchitect (Feb 23)
- Re: URL Scan for IIS Bryon Gloden (Feb 28)
- Re: URL Scan for IIS Bryon Gloden (Feb 28)
  - Re: URL Scan for IIS Skill2die4 (Mar 06)