IIS 7.0 incorporates all the core features of URLScan into a module called Request Filtering and adds a feature called Hidden Segments. This list of IIS.net links recaps each of the features Request Filtering provides and gives a real-world example of how to apply it to your environment. Request Filtering may be managed via the IIS Manager if IIS Delegation has been enabled.
Filter Double-encoded Requests - This feature prevents attacks that rely on double-encoded requests.
Filter by Verbs - This feature defines a list of verbs that IIS 7.0 accepts as part of a request.
Filter High Bit Characters - This feature allows or rejects requests to IIS 7.0 that contain non-ASCII characters.
Filter Based on File Extensions - This feature defines a set of allowed file extensions that IIS 7.0 will serve.
Filter Based on Request Limits - This filter combines three features:
1. maxAllowedContentLength: this is the upper limit on the content size.
2. maxUrl: this is the upper bound on a URL length.
3. maxQueryString: this is the upper bound on the length of a query string.
Filter Based on URL Sequences - This feature defines a list of sequences that IIS 7.0 rejects when they are part of a request.
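
An added example, not from the original page: a Python check that reads a web.config and reports which of the Request Filtering features listed above are left permissive. The sample configuration is constructed, and the ceilings are an assumption (the IIS 7.0 schema defaults) to be tuned per application.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; every value below is illustrative.
SAMPLE = """<configuration><system.webServer><security>
  <requestFiltering allowDoubleEscaping="true" allowHighBitCharacters="false">
    <requestLimits maxAllowedContentLength="30000000" maxUrl="4096" maxQueryString="8192" />
    <verbs allowUnlisted="false"><add verb="GET" allowed="true" /><add verb="POST" allowed="true" /></verbs>
    <fileExtensions allowUnlisted="true"><add fileExtension=".bak" allowed="false" /></fileExtensions>
    <denyUrlSequences><add sequence=".." /></denyUrlSequences>
  </requestFiltering>
</security></system.webServer></configuration>"""

# Assumed audit ceilings (the IIS 7.0 schema defaults); tune per application.
LIMITS = {"maxAllowedContentLength": 30000000, "maxUrl": 4096, "maxQueryString": 2048}

def audit(config_xml):
    """Return one finding per Request Filtering feature left permissive."""
    rf = next(ET.fromstring(config_xml).iter("requestFiltering"), None)
    if rf is None:
        return ["no <requestFiltering> section: schema defaults apply"]
    findings = []
    # Attribute defaults below mirror the schema: double escaping off, high bit on.
    if rf.get("allowDoubleEscaping", "false").lower() == "true":
        findings.append("double-encoded requests are allowed")
    if rf.get("allowHighBitCharacters", "true").lower() == "true":
        findings.append("high bit characters are allowed")
    limits = rf.find("requestLimits")
    for name, ceiling in LIMITS.items():
        value = int(limits.get(name, ceiling)) if limits is not None else ceiling
        if value > ceiling:
            findings.append(f"{name}={value} exceeds {ceiling}")
    # A missing list, or allowUnlisted="true", means anything not named is accepted.
    for tag, label in (("verbs", "verbs"), ("fileExtensions", "file extensions")):
        node = rf.find(tag)
        if node is None or node.get("allowUnlisted", "true").lower() == "true":
            findings.append(f"unlisted {label} are accepted")
    if not rf.findall("denyUrlSequences/add"):
        findings.append("no URL sequences are denied")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Rejecting high bit characters breaks sites that serve non-ASCII URLs, so treat that finding as a prompt to review rather than a setting to flip.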