Thanks Clutch for this one:
Microsoft released today a tool called URLScan that could be a valuable security asset. It is an ISAPI filter (consequently, it will always run in process), that will analyze an incoming request and screen them according to a ruleset created by the administrator. This is the same kind of technology used by IISSecure created by Eeye which has proven to be an effective security tool. It would be ideal if a malformed or suspect URL never reached IIS for processing in the first place.
Download
Microsoft released today a tool called URLScan that could be a valuable security asset. It is an ISAPI filter (consequently, it will always run in process), that will analyze an incoming request and screen them according to a ruleset created by the administrator. This is the same kind of technology used by IISSecure created by Eeye which has proven to be an effective security tool. It would be ideal if a malformed or suspect URL never reached IIS for processing in the first place.
Download