UrlScan

All posts tagged UrlScan

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsary to install URLscan.

urlscan1

 

Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).

urlscan2

 

Click on Install. You are shown a review of components you selected to install. Click on I accept.

urlscan3

 

The components are installed and will show you a Finish screen. Click on Finish.

urlscan4

 

We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.

urlscan5

 

The installation is very quick. Once it finishes,click on “Finish”.

urlscan6

 

 

Now open IIS Manager. Click on ISAPI filters.

urlscan7

 

If everything went well, we should see a filter already set like below.

urlscan8

 

Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.

urlscan9

 

Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).

urlscan10

 

We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini)  to make some changes to it.  It is located by default at “C:WindowsSystem32inetservurlscan” and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.

urlscan11

 

Now let’s again try to bannergrab using Idserve.  Restart the web server.

urlscan12

We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.