Home All Groups Group Topic Archive Search About

URLScan a single site?

microsoft.public.inetserver.iis.security
Author
30 Sep 2008 1:41 PM
JasonT80
I have an IIS 6 server running multiple web sites via individual IPs.  All
sites are WSS 3.0; some internal and some public facing.  I would like to
write a URLScan rule to block the "_layout" directories from view by the
public.  How can I write a rule that only applies to a single site?  Below is
the rule I would like to use, but I only want it to apply to "www.mysite.com"
or IP "2.3.4.5".  Thanks in advance!

[Options]
RuleList=Public_SharePoint

[Public_SharePoint]
DenyDataSection=Public_SharePoint Strings
ScanUrl=0

[Public_SharePoint Strings]
_layouts

--
Jasont80

Author
1 Oct 2008 10:55 AM
David Wang
On Sep 30, 6:41 am, JasonT80 <Jason***@discussions.microsoft.com>
wrote:
Show quoteHide quote
> I have an IIS 6 server running multiple web sites via individual IPs.  All
> sites are WSS 3.0; some internal and some public facing.  I would like to
> write a URLScan rule to block the "_layout" directories from view by the
> public.  How can I write a rule that only applies to a single site?  Below is
> the rule I would like to use, but I only want it to apply to "www.mysite.com"
> or IP "2.3.4.5".  Thanks in advance!
>
> [Options]
> RuleList=Public_SharePoint
>
> [Public_SharePoint]
> DenyDataSection=Public_SharePoint Strings
> ScanUrl=0
>
> [Public_SharePoint Strings]
> _layouts
>
> --
> Jasont80


Install URLScan (an ISAPI Filter) per-website, and have this special
config apply to that per-website instance of URLScan.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Author
13 Oct 2008 1:30 PM
Ken Schaefer
Hi,

URLScan v3.0 can load per site, rather than as a server-wide filter. You
need to ensure that requests are handled by URLScan before the WSS filter.

Cheers
Ken

Show quoteHide quote
"JasonT80" <Jason***@discussions.microsoft.com> wrote in message
news:8823C003-13E0-47B6-9FE9-B7E7F18F17F4@microsoft.com...
>I have an IIS 6 server running multiple web sites via individual IPs.  All
> sites are WSS 3.0; some internal and some public facing.  I would like to
> write a URLScan rule to block the "_layout" directories from view by the
> public.  How can I write a rule that only applies to a single site?  Below
> is
> the rule I would like to use, but I only want it to apply to
> "www.mysite.com"
> or IP "2.3.4.5".  Thanks in advance!
>
> [Options]
> RuleList=Public_SharePoint
>
> [Public_SharePoint]
> DenyDataSection=Public_SharePoint Strings
> ScanUrl=0
>
> [Public_SharePoint Strings]
> _layouts
>
> --
> Jasont80



Post Other interesting topics
IIS 6 Integrated Security....risks??
IIS requiring authentication
Kerberos
Kerberos Configured, but occasionally users login using NTLM
The 'Source' permission for WebDAV in IIS 7.0
SQL injection attempt
IIS 6 <domain>\<user> vs <user>@<domain>
Requiring Logon
Want IIS5 ASP page to read data on another server
ssl server cert reqeust not working