URLScan 3.0 rtw (release to web) available

I have to give kudo’s to the Microsoft IIS team for updating URLScan to help block automated sql injection attacks.  Especially to Wade Hilmo and Nazim Lala.  They have been very responsive when it came to involving the community (Thanks guys for the w3c logs).  They (I’m sure along with others on the team) showed real passion to help provide a tool to make sites more secure.  URLScan 3.0 can be used on IIS 6 and IIS 7 servers.   With the release of URLScan 3.0, IIS Administrators have the ability to block automated attacks at a global or site level. Here is a link to download the rtw bits.  If you have questions about URLScan 3.0, visit the Security forum @ http://forums.iis.net/1031.aspx 

Personally, I’ve used URLScan 3.0 since the beta was released.  It’s helped block many attacks on the server hosting www.iislogs.com  I’ve had to tweak the sql injection rules a bit so legitmate requests aren’t affected,   Check out my TAG on sql injections for more information.  I wonder if Slashdot can post a article announcing URLScan 3.0 was released to help with attacks originally announced, here is the link.   

I can see the headline.  The IIS team responds with URLScan 3.0 to help with SQL Injections. 




3 thoughts on “URLScan 3.0 rtw (release to web) available”

  1. In our URLScan logs we get the following quite a bit
    – – – – – – – – – – – – – – – – – – – – – – – –
    #Software: Microsoft UrlScan 3.0
    #Version: 1.0
    #Date: 2008-09-04 01:01:20
    – – – – – – – – – – – – – – – – – – – – – – – –
    Do you know if this means that UrlScan is recycling and we have a period of time where something like an SQL injection can get through? Right now we have been setting UrlScan up globally to cover older code that wasn’t written to the level we would like. So the bottom line is we are using UrlScan to cover our backside until we have enough time to fix them. If UrlScan is recycling then it is opening up another door.




  2. Jeremy,

    My understanding URLScan is checking the config for changes and writes a new entry in the logs. I would double check in the security forums @ forums.iis.net for further clarification.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: