Pitfalls


If you use URLScan, you might run into the following issues:

  • URLScan blocks the DEBUG verb, which breaks application debugging. If you need to support debugging, add the DEBUG verb to the [AllowVerbs] section in URLScan.ini.

  • You need to recycle IIS for changes to take effect. URLScan is an ISAPI filter that runs inside the IIS process (Inetinfo.exe) and URLScan's options are loaded from URLScan.ini when IIS starts up. You can run the IISReset command from a command prompt to recycle IIS.

  • URLScan blocks requests that contain potentially harmful characters, for example, characters that have been used to exploit vulnerabilities in the past such as "." used for directory traversal. It is not recommended that project paths contain the "." character. If you must allow this, you need to set AllowDotInPath=1 in URLScan.ini.

    If your Web application directories include dots in the path, for example, a directory containing the name "Asp.Net", then URLScan will reject the request and a "404 Not Found" message will be returned to the client.

    Other characters to avoid in project names because they will be rejected by URLScan include comma (,) and the pound sign (#).
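The pitfalls above can be checked before deployment. The following is an added example, not code from the book or from URLScan: a small Python audit that reads URLScan.ini text and a list of application directories and reports which of the listed issues apply. The function names, the sample configuration and the sample paths are constructed for illustration.

```python
import configparser

# Constructed sample configuration for illustration, not a shipped URLScan.ini.
SAMPLE_INI = """\
[Options]
AllowDotInPath=0

[AllowVerbs]
GET
HEAD
POST
"""

def parse_urlscan_ini(text):
    """Parse URLScan.ini text; sections such as [AllowVerbs] hold bare values."""
    cp = configparser.ConfigParser(
        allow_no_value=True, delimiters=("=",), comment_prefixes=(";",),
        inline_comment_prefixes=(";",), interpolation=None, strict=False)
    cp.optionxform = str  # keep the original case of verbs and option names
    cp.read_string(text)
    return {name.lower(): dict(cp[name]) for name in cp.sections()}

def audit(ini_text, app_dirs, need_debug=False):
    """Return (item, problem) pairs for the pitfalls listed above."""
    ini = parse_urlscan_ini(ini_text)
    options = {k.lower(): (v or "").strip()
               for k, v in ini.get("options", {}).items()}
    verbs = set(ini.get("allowverbs", {}))  # exact match on the verb name
    dots_allowed = options.get("allowdotinpath") == "1"
    findings = []
    if need_debug and "DEBUG" not in verbs:
        findings.append(("DEBUG", "verb not in [AllowVerbs]; debugging is blocked"))
    for path in app_dirs:
        if "." in path and not dots_allowed:
            findings.append((path, "dot in path and AllowDotInPath is not 1"))
        for ch, name in ((",", "comma"), ("#", "pound sign")):
            if ch in path:
                findings.append((path, name + " in path"))
    return findings

if __name__ == "__main__":
    dirs = ["/Asp.Net/Orders", "/Reports", "/Sales,2003"]  # constructed paths
    for item, problem in audit(SAMPLE_INI, dirs, need_debug=True):
        print(f"{item}: {problem}")
```

Any finding that is resolved by editing URLScan.ini only takes effect after IIS is recycled with IISReset.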




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
