Suppress certain expressions in URLs
Applies To: Windows Server 2008 R2
URLScan was a utility Microsoft distributed that enabled you to monitor all incoming URLs and suppress certain strings before they were processed. This enabled Web server administrators to do things like block certain executables, create hidden directories unreachable with HTTP, and set limits for connections, among others. All of this functionality has been included into this version of IIS.
If you used the URLScan tool in IIS 6.0 and have a library of expressions in the Urlscan.ini file, you can migrate these expressions to the new IIS 7 XML configuration files to continue filtering HTTP requests for these same expressions.
If you cannot migrate these expressions immediately, you can continue using the same Urlscan.ini file. To do this, you must continue using the URLScan tool, but the installer for UrlScan version 2.5 does not work on Windows Server® 2008 R2. To work around this issue, copy Urlscan.dll and Urlscan.ini to the server running IIS 7 and then setup Urlscan.dll as a global ISAPI filter in IIS.
Review how request filtering works.
Configure IIS 7 to filter HTTP requests.