All posts tagged UrlScan

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsary to install URLscan.



Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).



Click on Install. You are shown a review of components you selected to install. Click on I accept.



The components are installed and will show you a Finish screen. Click on Finish.



We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.



The installation is very quick. Once it finishes,click on “Finish”.




Now open IIS Manager. Click on ISAPI filters.



If everything went well, we should see a filter already set like below.



Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.



Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).



We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini)  to make some changes to it.  It is located by default at “C:WindowsSystem32inetservurlscan” and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.



Now let’s again try to bannergrab using Idserve.  Restart the web server.


We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.