A little background on what I enjoy doing. I enjoy may aspects of managing a large IIS server farm. One of those aspects is security. Having used URLScan for so long and learning the best practices of using URLScan I decided it doesn’t provide me with the information or capabilities I am actually looking for. That being said I also enjoy development. I decided to take my programming skills and create a service where it reads in the raw tcp data, parses out the information.
For Non-SSL related requests this works great because I get both the GET requests, and POST requests with actual content for both. This allows me the flexibility to create unique Rules to block traffic based off of more than just the basic URL, QueryString, Cookie, UserAgent or other bit of information you can get with an ISAPI filter. In fact I can be even more specific and say if the URL has a specific value, and the POST data has a specific value in it, then block the request.
If anyone is interested in running tests on non-production servers I would be happy to let you guys test it out. Please send me a comment and I’ll put together something for you.+1 this post if it helped you!