Many sites have been victims of SQL injection lately, and this updated UrlScan for IIS is a nice way to help prevent the attacks until the underlying code can be fixed. Here are a few excerpts from the 3.0 Beta release:
As our next measure, we are today releasing a beta for a new version of UrlScan - version 3.0 - that can reach these SQL requests and block them. This release includes a GoLive license, so you can deploy it on your production servers. UrlScan version 3 is compatible with the configuration files for the existing UrlScan version 2.5, so if you are already running UrlScan, everything will still work as it did - except you'll have new options. Also, since it's been just over 5 years since UrlScan 2.5 shipped, we've taken the opportunity to add some frequently requested features. The new set of features in version 3 are:
1. Support for query string scanning, including an option to scan an unescaped version of the query string.
2. Change notification for configuration (no more restarts for most settings)
3. UrlScan can be installed as a site filter. Different sites can have their own copy, with their own configuration.
4. Escape sequences can be used in the configuration file to express CRLF, a semicolon (normally a comment delimiter) or unprintable characters in rules.
5. Custom rules can be created to scan the URL, query string, a particular header, all headers or combination of these. The rules can be applied based on the type of file requested.
We also have plans to update the IIS 7 request filter to add these features. In the interim, UrlScan 3 is fully supported on IIS 7.
You can read more about it and download it from here.
Download the x86 version here and x64 version here.
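
Features 1 and 5 in the excerpt (query string scanning with an unescaped option, and rules applied by file type) can be illustrated with a simplified model. This is an added example, not UrlScan's code or configuration; the deny list, the file-type scope, the function name and the sample requests are all constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed deny list and scope for illustration; not a shipped UrlScan rule set.
DENY_SEQUENCES = ("--", ";", "/*", "declare", "exec")
APPLIES_TO = (".asp", ".aspx")


def scan_request(url, unescape=True):
    """Return (blocked, matched_sequence, form) for one request URL.

    form is "raw" or "unescaped", showing which copy of the query string matched.
    """
    parts = urlsplit(url)
    extension = posixpath.splitext(parts.path)[1].lower()
    if extension not in APPLIES_TO:
        return (False, None, None)  # rule is scoped to other file types
    forms = [("raw", parts.query)]
    if unescape:
        # Also scan the percent-decoded copy, as the unescaped option does.
        forms.append(("unescaped", unquote(parts.query)))
    for form, text in forms:
        lowered = text.lower()  # match case-insensitively
        for sequence in DENY_SEQUENCES:
            if sequence in lowered:
                return (True, sequence, form)
    return (False, None, None)


# Constructed sample requests.
SAMPLES = [
    "/products.asp?id=12",                   # ordinary request
    "/products.asp?id=12;declare%20@s",      # deny sequence visible in the raw query
    "/products.asp?id=12%3B%44ECLARE%20@s",  # same text, percent-encoded
    "/images/logo.gif?note=a--b",            # file type outside the rule's scope
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, scan_request(url, unescape=False), scan_request(url))
```

The third sample passes a raw-only scan and is caught only when the unescaped copy is scanned, which is the gap the unescaped option closes.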