It protects you against bad people including bad things in an HTTP request. We have it on all 5 servers in a CF cluster and have not noticed any overhead. What we have noticed is just how many attempts to send malicious 'stuff' to our servers we get every day.
Install it ASAP ----- Original Message ----- From: Kola Oyedeji To: CF-Server Sent: Tuesday, February 11, 2003 3:10 PM Subject: RE: CFMX and URLScan - What is consensus? Has anyone noticed any additional performance overhead as a result of using it? Also What exactly does it protect you against? Cross-site scripting? Thanks Kola >> -----Original Message----- >> From: Mark Woods [mailto:[EMAIL PROTECTED]] >> Sent: 11 February 2003 14:34 >> To: CF-Server >> Subject: RE: CFMX and URLScan - What is consensus? >> >> At 09:05 11/02/2003, you wrote: >> >What exactly does URLscan do? >> >> see: >> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur i >> ty/tools/tools/URLScan.asp >> >> it's a http request filtering tool that runs as a high priority isapi >> filter in IIS, blocking incoming requests that are considered "risky" >> according to the settings in your urlscan.ini file. >> >> Every IIS server should be running it, or something similar. We've been >> running it for over a year alongside CF5 without any problems and >> upgraded >> all our servers to version 2.5 a few months ago without a hitch. To use >> it >> with CFMX you'll just need to ensure that you allow requests for >> coldfusion >> files (I haven't used CFMX, but doesn't it have a new .cfc extension for >> CFCs?). As far as I recall, the default config will allow requests for >> all >> extensions that are not in the DenyExtensions list so it should work "out >> of the box" for CFMX as well as CF5. >> >> >> Mark >> >> ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
