Suppress certain expressions in URLs

Applies To: Windows Server 2008 R2

URLScan was a utility Microsoft distributed that enabled you to monitor all incoming URLs and suppress certain strings before they were processed. This enabled Web server administrators to do things like block certain executables, create hidden directories unreachable with HTTP, and set limits for connections, among others. All of this functionality has been included into this version of IIS.

Notes

If you used the URLScan tool in IIS 6.0 and have a library of expressions in the Urlscan.ini file, you can migrate these expressions to the new IIS 7 XML configuration files to continue filtering HTTP requests for these same expressions.

If you cannot migrate these expressions immediately, you can continue using the same Urlscan.ini file. To do this, you must continue using the URLScan tool, but the installer for UrlScan version 2.5 does not work on Windows ServerĀ® 2008 R2. To work around this issue, copy Urlscan.dll and Urlscan.ini to the server running IIS 7 and then setup Urlscan.dll as a global ISAPI filter in IIS.

Step Reference

Review how request filtering works.

Overview of Request Filtering

Configure IIS 7 to filter HTTP requests.

Configure Request Filtering

See Also

Other Resources

Web Server on Tech Center (online)