Step 13. ISAPI Filters


In the past, vulnerabilities in ISAPI filters caused significant IIS exploitation. There are no unneeded ISAPI filters after a clean IIS installation, although the .NET Framework installs the ASP.NET ISAPI filter (Aspnet_filter.dll), which is loaded into the IIS process address space (Inetinfo.exe) and is used to support cookie-less session state management.

If your applications do not need to support cookie-less session state and they do not set the cookieless attribute to true on the <sessionState> element, this filter can be removed.
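The following is an added example, not code from the book: a script that checks collected configuration files for a <sessionState> element that enables cookie-less sessions before the filter is removed. The function names and the sample configuration are constructed for illustration, and the check goes beyond the page's cookieless="true" case by also recognizing the ASP.NET 2.0 and later values UseUri, AutoDetect and UseDeviceProfile.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Values that put the session ID in the URL. The page names "true"; the other
# three are the ASP.NET 2.0+ HttpCookieMode values that can also go cookie-less.
COOKIELESS_VALUES = {"true", "useuri", "autodetect", "usedeviceprofile"}


def cookieless_settings(config_xml):
    """Return the cookieless value of each <sessionState> element (str or bytes
    input) that enables cookie-less sessions, <location> overrides included."""
    hits = []
    for elem in ET.fromstring(config_xml).iter():
        # Compare the local name so a default xmlns on <configuration> is tolerated.
        if elem.tag.rsplit("}", 1)[-1] != "sessionState":
            continue
        value = elem.get("cookieless", "false")  # an absent attribute means false
        if value.strip().lower() in COOKIELESS_VALUES:
            hits.append(value)
    return hits


def scan(root_dir):
    """Map each *.config file under root_dir to its cookie-less settings.
    Files that cannot be read or parsed map to None so they get manual review."""
    findings = {}
    for path in sorted(Path(root_dir).rglob("*.config")):
        try:
            # Bytes let the XML parser honour the file's own encoding and BOM.
            hits = cookieless_settings(path.read_bytes())
        except (ET.ParseError, OSError):
            findings[str(path)] = None
            continue
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample, not taken from the page.
SAMPLE_COOKIELESS = """<configuration><system.web>
  <sessionState mode="InProc" cookieless="true" timeout="20" />
</system.web></configuration>"""

if __name__ == "__main__":
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, hits in results.items():
        print(name, "NEEDS MANUAL REVIEW" if hits is None else hits)
    print("keep or review the filter" if results else "no cookie-less sessionState found")
```

Run it against a directory that contains every application's Web.config and the framework's machine.config, because a setting in a parent file is inherited by the applications below it.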

During this step, you remove unused ISAPI filters.

Remove Unused ISAPI Filters

Remove any unused ISAPI filters as explained in the following section.

 Task   To view ISAPI filters

  1. To start IIS, select Internet Services Manager from the Administrative Tools programs group.

  2. Right-click the machine (not Web site, because filters are machine wide), and then click Properties.

  3. Click Edit.

  4. Click the ISAPI Filters tab.

    The tabbed page shown in Figure 16.5 is displayed:

    Figure 16.5: Removing unused ISAPI filters




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
