Friday, January 18, 2008

UrlScan Security Tool FAQ

Frequently Asked Questions

This FAQ answers the following questions:

What is UrlScan?

Will UrlScan 2.5 work with IIS 6.0?

I'm already using UrlScan 2.0. Why should I download this update?

I've already configured UrlScan for my site. Will UrlScan 2.5 overwrite my current configuration settings?

If UrlScan 2.5 helps protect my server against certain vulnerabilities, is it still necessary to apply security updates?

I'm not sure if I'm using chunked-transfer encoding in any of my custom applications. What is it?

Question: What is UrlScan?

Answer: UrlScan is a security tool that screens all incoming requests to the server by filtering them against rules set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed. UrlScan helps protect Web servers because most malicious attacks share a common characteristic: they involve a request that is unusual in some way. For instance, the request might be extremely long, request an unusual action, be encoded using an alternate character set, or include character sequences that are rarely seen in legitimate requests. By filtering such unusual requests, UrlScan helps prevent them from reaching the server and potentially causing damage.

Question: Will UrlScan 2.5 work with IIS 6.0?

Answer: Yes. UrlScan 2.5 is the only version of UrlScan that Microsoft supports for use with IIS 6.0.

Question: I'm already using UrlScan 2.0. Why should I download this update?

Answer: UrlScan 2.5 includes new features that have been added to help improve the security of servers running IIS. These new features are as follows:

Changing the log file directory

Logging long URLs

Restricting the size of requests
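The following is an added example, not UrlScan's own code or part of the original FAQ. It models how the UrlScan 2.5 additions listed above are expressed in urlscan.ini and how the resulting rules are applied to a raw request: the option and section names (LoggingDirectory and LogLongUrls under [options], MaxUrl, MaxQueryString and MaxAllowedContentLength under [RequestLimits], and the [DenyHeaders] list that the chunked-transfer question later on relies on to reject Transfer-Encoding) follow the UrlScan 2.5 urlscan.ini layout and should be checked against the installed file; the screening logic is a simplified illustration, and the sample requests are constructed for the demonstration.

```python
"""Model of how UrlScan 2.5-style rules screen a raw HTTP request.

Added example for this FAQ; it is not UrlScan's code. The ini layout
([options] LoggingDirectory/LogLongUrls, [RequestLimits] MaxUrl /
MaxQueryString / MaxAllowedContentLength, [DenyHeaders]) follows the
UrlScan 2.5 urlscan.ini option names; the screening logic is a
simplified illustration and the requests below are constructed samples.
"""
import configparser
from urllib.parse import urlsplit

# Constructed urlscan.ini fragment showing the 2.5 additions.
URLSCAN_INI = r"""
[options]
EnableLogging=1
LoggingDirectory=C:\UrlScanLogs
LogLongUrls=1

[RequestLimits]
MaxAllowedContentLength=30000000
MaxUrl=260
MaxQueryString=2048

[DenyHeaders]
Translate:
If:
Lock-Token:
Transfer-Encoding:
"""


def load_rules(ini_text):
    """Parse the ini text into (limits, denied_header_names)."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.optionxform = str  # keep option names as written in the file
    cp.read_string(ini_text)
    limits = {name.lower(): int(value) for name, value in cp.items("RequestLimits")}
    # configparser treats the trailing ':' as a key/value delimiter, so the
    # option name is already 'Transfer-Encoding'; rstrip covers a bare form too.
    denied = {name.rstrip(":").lower() for name in cp.options("DenyHeaders")}
    return limits, denied


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def screen(raw, limits, denied):
    """Return None if the request passes, else the reason it is rejected.

    As in UrlScan, MaxUrl applies to the path only and MaxQueryString to
    the query string; Content-Length is compared with MaxAllowedContentLength.
    """
    _method, target, headers, _body = parse_request(raw)
    parts = urlsplit(target)
    if len(parts.path) > limits["maxurl"]:
        return "URL length exceeded MaxUrl"
    if len(parts.query) > limits["maxquerystring"]:
        return "Query string length exceeded MaxQueryString"
    for name in headers:
        if name in denied:
            return f"request contains denied header '{name}'"
    try:
        declared = int(headers.get("content-length", "0"))
    except ValueError:
        return "malformed Content-Length"
    if declared > limits["maxallowedcontentlength"]:
        return "Content-Length exceeded MaxAllowedContentLength"
    return None


# Constructed sample requests: one clean GET, a chunked POST, an
# over-long URL, and a POST declaring an oversized body.
GOOD = "GET /default.htm?id=7 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
CHUNKED_POST = ("POST /upload.dll HTTP/1.1\r\nHost: www.example.com\r\n"
                "Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
LONG_URL = "GET /" + "a" * 300 + " HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
HUGE_POST = ("POST /upload.dll HTTP/1.1\r\nHost: www.example.com\r\n"
             "Content-Length: 40000000\r\n\r\n")


def screen_samples():
    """Apply the rules to every sample and return {label: verdict}."""
    limits, denied = load_rules(URLSCAN_INI)
    samples = [("good", GOOD), ("chunked", CHUNKED_POST),
               ("long_url", LONG_URL), ("huge_post", HUGE_POST)]
    return {label: screen(raw, limits, denied) for label, raw in samples}


if __name__ == "__main__":
    for label, verdict in screen_samples().items():
        print(f"{label:10s} -> {verdict or 'allowed'}")
```

Only the clean GET passes; the chunked POST is rejected on its Transfer-Encoding header before its body is ever looked at, which is the effect the chunked-transfer question below is describing.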

Question: I've already configured UrlScan for my site. Will UrlScan 2.5 overwrite my current configuration settings?

Answer: No. The installer adds only new entries to your existing configuration file. UrlScan supports all of the configuration settings from earlier versions of UrlScan.

Question: If UrlScan 2.5 helps protect my server against certain vulnerabilities, is it still necessary to apply security updates?

Answer: Yes. To help protect your server from any new or existing security vulnerabilities, Microsoft strongly recommends that you evaluate and apply the latest security updates as soon as they are available.

Question: I'm not sure if I'm using chunked-transfer encoding in any of my custom applications. What is it?

Answer: Chunked-transfer encoding is an HTTP/1.1 feature that transmits the message body of a request or response as a series of chunks, each prefixed with its size in hexadecimal and terminated by a zero-length chunk. HTTP/1.1 allows clients to send POST requests by using chunked-transfer encoding instead of a Content-Length header. In most cases, IIS automatically decodes these requests before they are processed. If the size of the request exceeds a particular threshold (by default, 48 KB), the ISAPI extension or CGI program to which the request is directed must itself be aware of chunked-transfer encoding to read the rest of the body correctly. If code running on your server receives POST requests and you are not sure whether it supports chunked-transfer encoding, consider using UrlScan to reject requests that include a "Transfer-Encoding" header; note that this also rejects chunked requests from legitimate clients, so test the applications that rely on POST before enabling it. For more information about chunked-transfer encoding, see section 3.6.1 of RFC 2616, "Hypertext Transfer Protocol -- HTTP/1.1."
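To make the wire format concrete, here is an added example (not part of the original FAQ, and not IIS or UrlScan code) that decodes a chunked body as laid out in RFC 2616 section 3.6.1: hexadecimal chunk sizes with optional ";name=value" extensions, chunk data followed by CRLF, a zero-size last chunk, then optional trailer headers and a final empty line. It rejects truncated or malformed input rather than silently returning a partial body, and includes an encoder so a custom application's handling can be exercised with a round trip. The sample bodies are constructed for the demonstration.

```python
"""Decode and encode an HTTP/1.1 chunked message body (RFC 2616 3.6.1).

Added example for this FAQ; not IIS or UrlScan code. SAMPLE is a
constructed chunked body exercising a chunk extension and a trailer.
"""

HEX_DIGITS = b"0123456789abcdefABCDEF"


def decode_chunked(data: bytes):
    """Return (body, trailers) or raise ValueError on malformed input."""
    body = bytearray()
    pos = 0
    while True:
        end = data.find(b"\r\n", pos)
        if end < 0:
            raise ValueError("missing CRLF after chunk-size")
        size_line = data[pos:end]
        # chunk-size may be followed by ";ext=value" chunk extensions
        size_field = size_line.split(b";", 1)[0].strip()
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError(f"bad chunk-size {size_line!r}")
        size = int(size_field, 16)
        pos = end + 2
        if size == 0:
            break  # last-chunk; trailers (if any) follow
        chunk = data[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("truncated chunk-data")
        body += chunk
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk-data")
        pos += 2
    trailers = {}
    while True:
        end = data.find(b"\r\n", pos)
        if end < 0:
            raise ValueError("missing final CRLF")
        line = data[pos:end]
        pos = end + 2
        if not line:
            break  # empty line ends the trailer section
        name, _, value = line.partition(b":")
        trailers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    if pos != len(data):
        raise ValueError("unexpected bytes after the chunked body")
    return bytes(body), trailers


def encode_chunked(body: bytes, chunk_size: int = 4096) -> bytes:
    """Encode body as chunks of at most chunk_size bytes, no trailers."""
    out = bytearray()
    for i in range(0, len(body), chunk_size):
        piece = body[i:i + chunk_size]
        out += f"{len(piece):X}\r\n".encode("ascii") + piece + b"\r\n"
    out += b"0\r\n\r\n"
    return bytes(out)


def is_malformed(data: bytes) -> bool:
    """True if decode_chunked rejects data."""
    try:
        decode_chunked(data)
    except ValueError:
        return True
    return False


# Constructed sample: three chunks (one with an extension) and a trailer.
SAMPLE = (b"4\r\nWiki\r\n"
          b"5;name=value\r\npedia\r\n"
          b"E\r\n in\r\n\r\nchunks.\r\n"
          b"0\r\n"
          b"X-Checksum: abc\r\n"
          b"\r\n")

if __name__ == "__main__":
    body, trailers = decode_chunked(SAMPLE)
    print(body, trailers)
    print(encode_chunked(b"hello world", chunk_size=4))
```

The decoder checks that the bytes following each chunk are exactly CRLF and that nothing trails the final empty line; a handler that stops reading at the declared size without those checks is the kind of code the FAQ has in mind when it asks whether a custom ISAPI or CGI program is chunked-aware.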
