URLScan Security Tool!

Published by

Microsoft has developed a tool that lets web server administrators ensure the security of their servers. The tool, URLScan, screens all incoming requests to the server, and filters them based on rules set by the administrator. This significantly improves the security of the server by helping ensure that it only responds to valid requests.

URLScan is effective in protecting web servers because most attacks share a common characteristic ? they involve the use of a request that?s unusual in some way. For instance, the request might be extremely long, request an unusual action, be encoded using an alternate character set, or include character sequences that are rarely seen in legitimate requests. By filtering out all unusual requests, URLScan prevents them from reaching the server and potentially causing damage.

URLScan is extremely flexible. Its default rule set fully protects a server against virtually all known security vulnerabilities affecting IIS, as well as potentially protecting against additional, as-yet undiscovered attack methods. The default rules can be modified ? and new rules can be added ? in order to customize the tool?s actions to match the needs of a particular server.

UrlScan.exe - 162 Kb