UrlScan 3.1

re: UrlScan 3.1

rebeccascott — Thu, 18 Jun 2009 14:04:25 GMT

Has it been confirmed if this product works with MCMS?

re: UrlScan 3.1

PepperdotNet — Fri, 23 Jan 2009 21:28:01 GMT

Wade,

This looks like a great tool. I spent most of the day yesterday implementing it on one of our Win2003 x86 development servers. It does exactly what it needs to do.

Now, I need to take the next step and put it on our test platform which is Win2003 x64. No matter what I've tried, I cannot get URLScan to do anything. We needed x64 so that additional memory would be available for additional, larger application pools, but the application pools run in 32-bit mode for compatibility with some classic ASP and 32-bit resources it depends on. I think this is at the root of my problem but I have no idea how to work around it. This scenario (32-bit compatibility on x64) needs to be addressed in the documentation.

Can anyone help me with this?

IIS 6.0 - URLSCAN 3.1 and Outlook Web Access

Ganesh Anekar's Blog — Fri, 26 Dec 2008 12:29:30 GMT

I was working with one of the customer on Urlscan and their requirement was to install Urlscan on Windows

Web Platform Installer now supports XP - And the Master Plan continues

ASPInsiders — Mon, 24 Nov 2008 20:56:43 GMT

Remind me to tell you some time why the IIS team is so evil clever. It' cool to see the first steps of

re: UrlScan 3.1

Anonymous — Wed, 19 Nov 2008 21:26:34 GMT

Wade,

I just found the additional installation instructions here: learn.iis.net/.../urlscan-setup. So I was able to get URLScan start logging in a new directory after I granted Read & Write access to the IIS_WPG account on the log folder.

I was debating about moving the urlscan.dll & urlscan.ini to the same area as I moved the logs but I was wondering... If a 3.2 came out would the upgrade/installation of that version just put urlscan files back in %windir%\system32\inetsrv and additionally under %windir%\syswow64\inetsrv and update IIS to those directories? That would be a pain to manage and possibly cause issues. Or would it search my hard drive and update any existing versions I had? I'm hoping the later because we have a policy of installing all "need to be backed up files" on a different volume other than C:\. Another possiblity is to allow the installer to select where they want urlscan to be installed.

Thanks again, Brian

re: UrlScan 3.1

Anonymous — Wed, 19 Nov 2008 20:57:41 GMT

I've been a fan of the URLScan 2.x product line. But I just installed URLscan 3.1 (x64) and I cannot get the product to change the loggin directory. There is no documentation to show new users what this product looks like installed and there is no documentation on how to test it once it is installed.

So Wade, can you provide a picture of what URLScan looks like installed to IIS & the folder structure as well as give a few simple command line instructions using telnet and the HTTP methods/verb that will generate a failure in the log file?

Thanks Brian

Friday Links #24 | Blue Onion Software *

Friday Links #24 | Blue Onion Software * — Sat, 08 Nov 2008 00:47:07 GMT

Pingback from Friday Links #24 | Blue Onion Software *

URLScan 3.1 Released

Robba's Weblog — Mon, 03 Nov 2008 17:26:31 GMT

The IIS Team released a new version of the URLScan tool this weekend to help mitigate against SQL Injection

Microsoft Urlscan Filter v3.1

beqiraj.net — Sun, 02 Nov 2008 11:10:36 GMT

Microsoft Urlscan Filter v3.1

Neil Carpenter's Blog : SQL Injection Hijinks

Neil Carpenter's Blog : SQL Injection Hijinks — Sat, 01 Nov 2008 00:02:33 GMT

Pingback from Neil Carpenter's Blog : SQL Injection Hijinks