Table 1: Comparing request filtering and URLScan
Request Filtering Feature |
URLScan Equivalent Setting |
IIS 7.0 Error (Status Code) |
Filter Based on URL Sequences |
DenyUrlSequences |
Request Filtering: URL Sequence denied (404.5) |
Filter by Verbs |
UseAllowVerbs, AllowVerbs, and DenyVerbs |
Request Filtering: Verb denied (404.6) |
Filter Based on File Extensions |
AllowExtensions and DenyExtensions |
Request Filtering: File extension denied (404.7) |
Filter Out Hidden Segments |
Not Available |
Request Filtering: Denied by hidden segment (404.8) |
Filter Double-encoded Requests |
VerifyNormalization |
Request Filtering: Denied because URL doubled escaping (404.11) |
Filter High Bit Characters |
AllowHighBitCharacters |
Request Filtering: Denied because of high bit characters (404.12) |
Filter Based on Request Limits |
maxAllowedContentLength |
Request Filtering: Denied because content length too large (404.13) |
maxUrl |
Request Filtering: Denied because URL too long (404.14) |
|
maxQueryString |
Request Filtering: Denied because query string too long (404.15) |