Skip to content

Microsoft IIS URLScan inflexiblities

Well this certainly sucks. I’ve been working with IIS a little bit and
have installed URLScan and locked down the IIS server the best that I know
of with all the tools available from M$ to help lock this stuff down.
(The Microsoft Baseline Auditor Tool works well for this).

So here I am happy with a somewhat secure lockdown for my purposes and
I figure why not serve up files from the web server such as some nice
freeware utilities I found. Well, it seems URLScan bans all files ending in
.exe unless you unconfigure it. Suck. I want just a set of files
in one directory banned not ALL of them.

Kudos to this web archive (and Der Keiler
of the newsgroup:

From: (Jeff Cochran)
Date: Fri, 01 Nov 2002 13:45:40 GMT
>Does anybody know if I can allow a specific .exe file and not ALL .exe

Not in URLScan.


Be Sociable, Share!