URLScan screens all incoming requests to an IIS web server, and only allows ones to pass that comply with a ruleset created by the administrator. This significantly improves the security of the server by helping ensure that it only responds to valid requests.
The tool allows the administrator to filter requests based on length, character set, content and other factors. A default ruleset is provided, which can be customized to meet the needs of a particular server.
URLScan is extremely flexible. Its default rule set fully protects a server against virtually all known security vulnerabilities affecting IIS, as well as potentially protecting against additional, as-yet undiscovered attack methods. The default rules can be modified – and new rules can be added – in order to customize the tool"s actions to match the needs of a particular server.
Requirements: IIS 4.0, IIS 5.0, IIS 5.1
Operating Systems: Windows NT 4.0 & 2000, Win XP