URLScan Security Component for Windows NT/2000 Servers and IIS 5.x
While most people know and use the IIS Lockdown tool, few
install the URLScan companion piece. I strongly recommend
that this utility be installed on all servers running IIS
5.x; this is as important as staying up to date with
critical fixes. Much of the functionality is available in
IIS6, but why wait to upgrade when you can get that peace of
mind for free today?

From the summary: "URLScan is an ISAPI filter that allows
Web site administrators to restrict the kind of HTTP
requests that the server will process. By blocking specific
HTTP requests, the URLScan filter prevents potentially
harmful requests from reaching the server and causing
damage."

Many features provided by URLScan are baked into IIS6; other
potential problems are avoided entirely by IIS6's redesigned
page and security models. The URLScan home page provides an
excellent walk-through of URLScan features vs. built-in IIS6
functionality.

Still running ASP.NET sites on IIS5? Install it!