Has anyone noticed any additional performance overhead as a result of using it? Also What exactly does it protect you against? Cross-site scripting?
Thanks Kola >> -----Original Message----- >> From: Mark Woods [mailto:[EMAIL PROTECTED]] >> Sent: 11 February 2003 14:34 >> To: CF-Server >> Subject: RE: CFMX and URLScan - What is consensus? >> >> At 09:05 11/02/2003, you wrote: >> >What exactly does URLscan do? >> >> see: >> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur i >> ty/tools/tools/URLScan.asp >> >> it's a http request filtering tool that runs as a high priority isapi >> filter in IIS, blocking incoming requests that are considered "risky" >> according to the settings in your urlscan.ini file. >> >> Every IIS server should be running it, or something similar. We've been >> running it for over a year alongside CF5 without any problems and >> upgraded >> all our servers to version 2.5 a few months ago without a hitch. To use >> it >> with CFMX you'll just need to ensure that you allow requests for >> coldfusion >> files (I haven't used CFMX, but doesn't it have a new .cfc extension for >> CFCs?). As far as I recall, the default config will allow requests for >> all >> extensions that are not in the DenyExtensions list so it should work "out >> of the box" for CFMX as well as CF5. >> >> >> Mark >> >> ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
