About 2 months ago we released the beta for UrlScan v3.0 to address customer concerns with automated SQL injection attacks and we have been busy since refining it with the help of our customers, community and MVPs. You can download the bits at the links below.
UrlScan v3.0 RTW for x86
UrlScan v3.0 RTW for x64
You can also check out the updated walkthroughs for UrlScan v3.0 that cover the new features since Beta.
Common UrlScan Scenarios
Here is a summary of the feature additions to UrlScan v3.0 RTW:
1) W3C formatted logging.
UrlScan v3.0 RTW writes W3C formatted logs, which makes log files easier to analyze by writing queries against them with Log Parser. The following are the fields in the new log format, each with a brief description.
Date: Date of incoming request
Time: UTC time for incoming request
c-ip: Client IP address
s-siteid: SiteID for the site that processed the request
cs-method: Method (verb) of incoming request
cs-uri: URI of incoming request, including query string
x-action: Action performed by UrlScan. Either rejected or logged
x-reason: Reason for UrlScan check being triggered.
x-context: Portion of the request this check is applicable to, e.g. URL, query string, etc.
cs-data: Data in the request that triggered the UrlScan check
x-control: UrlScan configuration data that caused the UrlScan check to trigger
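As an added example (not part of the original post or of UrlScan itself), the following Python sketch reads a log in this format by its #Fields directive and counts rejected requests per client IP and reason. The sample log is constructed: its field names follow the list above, its values are placeholders rather than real UrlScan output, and it assumes space-delimited fields with no embedded spaces.

```python
from collections import Counter

# Constructed sample in W3C extended format. Field names come from the list
# above; every value (IPs, URIs, reasons, controls) is an illustrative placeholder.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip s-siteid cs-method cs-uri x-action x-reason x-context cs-data x-control
2008-08-20 10:01:02 192.0.2.10 1 GET /app/list.asp?id=1;-- Rejected sample-reason-query query-string ;-- sample-control-1
2008-08-20 10:01:05 192.0.2.10 1 GET /app/list.asp?id=2;-- Rejected sample-reason-query query-string ;-- sample-control-1
2008-08-20 10:02:11 198.51.100.7 2 TRACE /default.htm Rejected sample-reason-verb verb TRACE sample-control-2
2008-08-20 10:03:40 198.51.100.7 2 GET /reports/a.asp?q=-- Logged sample-reason-query query-string -- sample-control-1
2008-08-20 10:04:00 203.0.113.5 1 GET
"""


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directive line; only #Fields changes how entries are read.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry: skip rather than misalign columns
        yield dict(zip(fields, values))


def rejected_by_client(text):
    """Count rejected requests per (c-ip, x-reason), most frequent first."""
    counts = Counter(
        (entry["c-ip"], entry["x-reason"])
        for entry in parse_w3c(text)
        if entry["x-action"].lower() == "rejected"
    )
    return counts.most_common()


if __name__ == "__main__":
    for (ip, reason), n in rejected_by_client(SAMPLE_LOG):
        print(f"{n:3d}  {ip:15s}  {reason}")
```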
2) Allow rules for URLs and query strings
UrlScan v3.0 RTW gives you the ability to specify a "safe" list of URLs and query strings that will bypass all UrlScan checks. This gives administrators the ability to configure UrlScan to allow certain URLs that would otherwise trigger a UrlScan check.
Here is the link to my blog when UrlScan v3.0 Beta was released.