Wade Hilmo Posts

wadeh
Dynamic IP Restriction Proxy Mode
Aug 01, 2012

  Last week, we released the final version of our Dynamic IP Restrictions module for IIS 7.x .  The feature is also built into IIS 8.0, which is included with Windows 8 and Windows Server 2012. At the highest level,...

1 comments

wadeh
Application Initialization Part 2
May 01, 2012

In my last post , I gave a bit of background on the Application Warm-Up module , now called Application Initialization. This week, I would like to go into more detail as to what the Application Initialization module does, and...

4 comments

wadeh
(Re)introducing Application Initialization
Apr 16, 2012

“IIS is a demand-driven web server, i.e. IIS does things only when asked for…” This was the start of a blog post back in late 2009 announcing the beta for the IIS 7.5 Application Warm-Up module.  The idea behind this module...

3 comments

wadeh
How IIS blocks characters in URLs
Apr 20, 2011

Recently, the question came up about why it is not possible for IIS to handle a URL that contains a ‘%’ character that is not part of an escape sequence.  The resulting discussion produced some informative references to the...

1 comments

wadeh
Understanding Versions of the IIS FTP Server
Sep 03, 2009

It’s been a busy few days on the IIS Security Team. Earlier this week, a vulnerability was found in the IIS FTP server. We have been working with security teams across Microsoft to research the issue and formulate a response to...

6 comments

wadeh
Running Perl on IIS 7
Apr 13, 2009

We've had a few people on our forums asking about running Perl on IIS 7. This led to some discussion on the team about getting it to work with FastCGI. The team has been doing a lot of great work with the Web Platform Installer...

18 comments

wadeh
How IIS can help with SQL Injection
Dec 18, 2008

2008 has been a busy year for attackers exploiting SQL Injection vulnerabilities in web applications. Once again, I am finding questions about this subject in my inbox. Earlier today, I found myself reviewing the material that...

5 comments

wadeh
Filtering for SQL Injection on IIS 6 and earlier
Dec 18, 2008

This article is specific to IIS 6 and earlier. If you are using IIS 7.0 or later, please see this article . The IIS team has created an add-on tool for IIS called UrlScan that is able to filter HTTP requests. If a request is found...

5 comments

wadeh
Filtering for SQL Injection on IIS 7 and later
Dec 18, 2008

This article is specific to IIS 7 and later. If you are using IIS 6.0 or earlier, please see this article . Starting with version 7.0, IIS has a built-in feature that is able to filter HTTP requests. If a request is found to have...

8 comments

wadeh
UrlScan 3.1
Oct 31, 2008

Earlier this year, it came to our attention that our customers were being subjected to a SQL Injection attack . In response to that, we updated the venerable UrlScan filter and released version 3.0 with new features that provide...

16 comments

wadeh
UrlScan v3.0 Beta Release
Jun 24, 2008

The IIS team has some street smarts when it comes to security. We learned quite a few lessons the hard way back in 2001 with the outbreak of the CodeRed worm.  One of the lesser known facts about the Code Red worm is that...

37 comments

wadeh
Understanding FastCGI Settings for IIS 5.1 & 6
Mar 02, 2007

So here it is, my first ever blog post. I am not new to posting about IIS on the internet. A quick newsgroup search reminds me that I've posted to around 900 threads related to IIS. The first time was on June 10, 1997, where I...

15 comments Tags: