http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspxIf you haven't noticed already, UrlScan v3.0 Beta is out and it is the answer to all your prayers. Well maybe not all, but it still is nifty. UrlScan 2.5 is widely used and is quite popular. There were a few minor issues with it that were all fixed forenCommunityServer 2007 SP1 (Build: 20510.895)http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2874777Sun, 18 Jan 2009 17:50:49 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2874777sinema izle<p>URLscan nie jest martwy?</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2874777" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2576590Sun, 24 Aug 2008 01:33:42 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2576590Aaron Tiensivu's Blog<p>Helps prevent SQL injection attacks to IIS sites, among other new features: 1. W3C formatted logging: UrlScan v3.0 RTW has W3C formatted logs so that analyzing log files is more accessible by writing queries against them using Log Parser. 2. Allow r</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2576590" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2571052Thu, 21 Aug 2008 08:06:05 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2571052iis<p>About 2 months ago we released the beta for UrlScan v3.0 to address customer concerns with automated</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2571052" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2522616Tue, 29 Jul 2008 16:36:04 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2522616ziembor.pl<p>URLscan nie jest martwy?</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2522616" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2520919Tue, 29 Jul 2008 05:27:19 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2520919Anonymous<p>To reduce number of SQL injection attempts, I would monitor my UrlScan logs for known bad sites and then use the IP restriction list to block those sites.</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2520919" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2491670Tue, 15 Jul 2008 20:09:19 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2491670Anonymous<p>Will URLScan reduce the amount of bandwidth taken up by the SQL injection pelting?</p> <p>Does it help to reduce the number of attempts? If not is there anything to reduce number of injection attempts?</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2491670" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2481642Thu, 10 Jul 2008 22:57:29 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2481642naziml<p>No UrlScan will not monitor POST data. Check <a rel="nofollow" target="_new" href="http://blogs.iis.net/nazim/archive/2008/06/30/urlscan-v3-0-filtering-based-on-request-entity.aspx">blogs.iis.net/.../urlscan-v3-0-filtering-based-on-request-entity.aspx</a> </p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2481642" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2466196Thu, 03 Jul 2008 19:33:03 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2466196Anonymous<p>Will URL Scan 3.0 monitor post data when forms are submitted?</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2466196" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2453590Fri, 27 Jun 2008 23:33:02 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2453590naziml<p>I definitely see the value in an 'AND' evaluation of a list. Let me think about it a little more. Thanks for the feedback.</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2453590" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2451915Fri, 27 Jun 2008 10:24:45 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2451915Rovastar<p>For your reference Nazim here appears to be a legitimate use of the &gt; characters.</p> <p><a rel="nofollow" target="_new" href="http://forums.iis.net/t/1150115.aspx">forums.iis.net/.../1150115.aspx</a></p> <p>I am wondering if you could change the tool so that you only reject a request if you have both &lt; and &gt; </p> <p>I am trying to look from an admin point of view and what is useful in the real world. It cannot reject legit request while at the same time increase security.</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2451915" width="1" height="1">http://blogs.iis.net/nazim/archive/2008/06/24/using-the-new-rules-configuration-in-urlscan-v3-0-beta-part-1.aspx#2450560Thu, 26 Jun 2008 20:10:31 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2450560Anonymous<p>THANK YOU&gt;</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2450560" width="1" height="1">