Using URLScan on IIS

The purpose of this article is to ensure effective distribution of the Internet Information Services (IIS) security tool URLScan. URLScan is an add-on tool that can be used by Web site administrators. The administrators can control the actions of URLScan and can restrict the type of HTTP requests that the server processes.

If you are upgrading from an earlier version of URLScan (2.0, 2.1), all your previous configuration settings are retained while the executable and the URLScan.ini is updated with new features of URLScan 2.5.

Before you install URLScan 2.5, see the white paper on the following Microsoft Web site:
To download URLScan 2.5, visit the following Microsoft Web site: For information about URLScan and other security details in IIS, see the webcast on the following Microsoft Web site: For additional information about each feature of URLScan, click the following article number to view the article in the Microsoft Knowledge Base: Depending on the applications that you are running, there may be limitations or specific configurations for URLScan. For additional information about running URLScan with different applications, click the following article numbers to view the articles in the Microsoft Knowledge Base: