Thursday, July 17, 2014

URLScan Is Now- Request Filtering in IIS 8.0 and higher

I've been using URL scan to deny Verbs- Http Method such as put, trace and so on. I remember we used to restrict file extension URL requests that are reaching to web server . These are all part of security practices and also helping right request served by the web server.

Cool Tip- If you want to prevent directory browsing. Go to run-> inetmgr-> select request filtering -> select URL tab-> select Deny Sequence --> input two dot (period) operator or character.

To test this try to access the website resources such as www.sample.com/images/demo.jpg
It will throw error.


http://www.iis.net/configreference/system.webserver/security/requestfiltering
Post a Comment