UrlScan v3.0 is an upgrade to UrlScan v2.5 which was originally released as part of the IIS Lockdown Tool. UrlScan v3.0 maintains compatibility with its predecessor, so if you have a configuration file for the older version, you can use your existing configuration file with UrlScan v3.0 and the behavior will be identical.
Like its predecessor, UrlScan v3.0 is an ISAPI filter that reads configuration from a urlscan.ini file and restricts certain types of requests (enumerated in urlscan.ini) from being executed by IIS.
URL Scan 3.0 requires IIS 5.1 or later, including IIS 7.0 on Windows Server 2008, and offers many benefits, such as:
- Prevent potentially harmful requests from reaching Web applications
- Mitigate SQL injection attacks
- Analyze log files more easily through log parsing (it use W3C formatting logging)
- Deny rules that can be independently applied to URL, query string, all headers, a particular header or a combination of these
- Multiple urlscan instances can be installed as site filters, each with its own configuration and logging options (urlscan.ini)
Download UrlScan v3.0 RTW for x86
Download UrlScan v3.0 RTW for x64