One note about this tool: the default settings in the INI file are set to block .htr files. These are used by OWA when a user tries to change a password via OWA. If you are using this feature then you will need to modify the INI file to allow .htr extensions. Tom -----Original Message----- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 12:42 PM To: Exchange Discussions Subject: New MS tool "URLSCAN" filters bad URL requests from your IIS (OWA ) server Importance: High Microsoft just released a new IIS utility called URLSCAN which can block suspicious URL's from your IIS server. You can get it from: http://www.microsoft.com/downloads/release.asp?ReleaseID=32571 I just installed it on my OWA server (NT4 sp6a, EX5.5 sp4) and it seems to work fine. It is configured by an INI file which tells it what types of URL requests to block. Here is the log of it starting up and blocking one request: _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
