Install URLScan on your Web server

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

URLScan is an ISAPI filter that is installed when you run the IISLockdown tool. This helps mitigate the threat of XSS attacks by rejecting potentially malicious input. For more information about IISLockdown and URLScan, see Chapter 16, "Securing Your Web Server." at http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh16.asp

Note IIS 6.0 on Windows Server 2003 has functionality equivalent to URLScan built in.

References

Personal tools