Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

An update is available that provides improved features for the Request Filtering module in IIS 7.0


View products that this article applies to.

Summary

In Internet Information Services (IIS) 7.0, the Request Filtering module provides more capabilities to help secure IIS. This module inspects known malicious patterns in the requests. The module prevents such requests from being serviced if the module determines that the requests may be harmful. For example, this module enables you to filter requests that are double escaped, to filter requests that use certain HTTP verbs, or to block requests to specific folders.

↑ Back to the top


Introduction

An update package is now available to provide improved Request Filtering features. After you apply this update package, you can use the following features:
  • Creating rules to disallow string patterns in parts of requests

    This new feature enables you to create a rule list. You can specify rules to reject requests based on patterns that are matched against certain parts of an HTTP request. The main configuration for this feature is the filteringRules section under the system.webServer/security/requestFiltering section in the Applicationhost.config file or in the Web.config file. If a request is rejected because of this rule, HTTP status 404.19 is logged in the IIS log.
  • Creating a safe list for URLs or query strings

    This new feature lets you specify safe URLs or query strings that can bypass all the defined deny rules. For example, you can always allow the URL "/my.login.page.asp," even though this URL may trigger a defined deny rule. The main configuration for this feature is the alwaysAllowedUrls attribute and the alwaysAllowedQueryStrings attribute. These attributes are located under the system.webServer/security/requestFiltering section in the Applicationhost.config file or in the Web.config file.
  • Creating a deny list of query strings

    The most common SQL injection attacks are performed by manipulating query strings. This new feature enables you to filter malicious requests by inspecting the query strings.

    To deny a list of URL sequences for all requests, create a denyQueryStringSequences section in the Applicationhost.config file or in the Web.config file, and then add the list of strings that you want to disallow in the URLs of your requests. If a request is rejected because of this rule, HTTP status 404.18 is logged in the IIS log.
  • Checking for both escaped and unescaped query strings

    This new feature enables you to scan for both escaped query strings and unescaped query strings by using the unescapeQueryString attribute under the system.webServer/security/requestFiltering section in the Applicationhost.config file or in the Web.config file. If a request is rejected because of this rule, HTTP status 404.18 is logged in the IIS log.

↑ Back to the top


More information

Update information

The following files are available for download from the Microsoft Download Center:

Download the 32-bit package now.

Download the 64-bit package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

You must have Windows Vista Service Pack 1 or Windows Server 2008 installed to apply this update.

Restart requirement

You must restart the computer after you apply this update.

Update replacement information

This update does not replace any other updates.

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

This update updates all the files that are included in the component if any of the files in the component is updated. The files that are actually changed in this update are listed in the following tables.
IIS 7.0, x86-based versions
File nameFile versionFile sizeDateTimePlatform
Modrqflt.dll7.0.6001.2226136,86410-Sep-2008 03:27x86
Iis_schema.xmlNot applicable77,74709-Sep-200822:22Not applicable
IIS 7.0, x64-based versions
File nameFile versionFile sizeDateTimePlatform
Modrqflt.dll7.0.6001.2226145,56810-Sep-2008 04:36x64
Iis_schema.xmlNot applicable77,74709-Sep-200823:02Not applicable
IIS 7.0, Itanium-based versions
File nameFile versionFile sizeDateTimePlatform
Modrqflt.dll7.0.6001.2226194,72010-Sep-2008 04:32IA-64
Iis_schema.xmlNot applicable77,74709-Sep-200823:18Not applicable
The following tables list all the files that are included in this update.
IIS 7.0, x86-based versions
File nameFile versionFile sizeDateTimePlatform
Modrqflt.dll7.0.6001.2226136,86410-Sep-200803:27x86
Admwprox.dll7.0.6001.2226151,71210-Sep-200803:27x86
Ahadmin.dll7.0.6001.2226127,13610-Sep-200803:27x86
Appcmd.exe7.0.6001.22261154,11210-Sep-200803:26x86
Appcmd.xmlNot applicable3,65418-Dec-200721:00Not applicable
Applicationhost.configNot applicable7,98918-Dec-200721:00Not applicable
Appobj.dll7.0.6001.22261311,29610-Sep-200803:27x86
Aspnetca.exe7.0.6001.22261182,78410-Sep-200803:26x86
Aspnet_schema.xmlNot applicable38,78618-Dec-200721:00Not applicable
Fx_schema.xmlNot applicable26,97118-Dec-200721:00Not applicable
Iismig.dll7.0.6001.22261209,40810-Sep-200803:27x86
Iisreg.dll7.0.6001.2226189,08810-Sep-200803:27x86
Iisres.dll7.0.6001.22261193,02410-Sep-200801:44x86
Iisreset.exe7.0.6001.2226114,84810-Sep-200803:27x86
Iisrstap.dll7.0.6001.222618,19210-Sep-200803:27x86
Iisrstas.exe7.0.6001.2226131,23210-Sep-200803:27x86
Iisrtl.dll7.0.6001.22261153,60010-Sep-200803:27x86
Iissetup.exe7.0.6001.22261228,86410-Sep-200803:27x86
Iissyspr.dll7.0.6001.2226159,39210-Sep-200803:27x86
Iisutil.dll7.0.6001.22261202,75210-Sep-200803:27x86
Iis_schema.xmlNot applicable77,74709-Sep-200822:22Not applicable
Nativerd.dll7.0.6001.22261326,65610-Sep-200803:27x86
Redirection.configNot applicable49018-Dec-200721:00Not applicable
Rsca.dll7.0.6001.2226126,62410-Sep-200803:27x86
Rscaext.dll6.0.6001.2226138,91210-Sep-200803:27x86
Rscaext.xmlNot applicable8,36318-Dec-200721:00Not applicable
W3ctrlps.dll7.0.6001.222619,21610-Sep-200803:27x86
Wamregps.dll7.0.6001.2226110,75210-Sep-200803:27x86
IIS 7.0, x64-based versions
File nameFile versionFile sizeDateTimePlatform
Modrqflt.dll7.0.6001.2226145,56810-Sep-200804:36x64
Admwprox.dll7.0.6001.2226154,78410-Sep-200804:36x64
Ahadmin.dll7.0.6001.2226161,44010-Sep-200804:36x64
Appcmd.exe7.0.6001.22261190,97610-Sep-200804:35x64
Appcmd.xmlNot applicable3,65418-Dec-200721:00Not applicable
Applicationhost.configNot applicable7,98918-Dec-200721:00Not applicable
Appobj.dll7.0.6001.22261378,36810-Sep-200804:36x64
Aspnetca.exe7.0.6001.22261218,62410-Sep-200804:35x64
Aspnet_schema.xmlNot applicable38,78618-Dec-200721:01Not applicable
Fx_schema.xmlNot applicable26,97118-Dec-200721:01Not applicable
Iismig.dll7.0.6001.22261242,68810-Sep-200804:36x64
Iisreg.dll7.0.6001.22261111,61610-Sep-200804:36x64
Iisres.dll7.0.6001.22261193,02410-Sep-200802:55x64
Iisreset.exe7.0.6001.2226116,89610-Sep-200804:35x64
Iisrstap.dll7.0.6001.2226111,26410-Sep-200804:36x64
Iisrstas.exe7.0.6001.2226134,81610-Sep-200804:35x64
Iisrtl.dll7.0.6001.22261192,51210-Sep-200804:36x64
Iissetup.exe7.0.6001.22261280,06410-Sep-200804:35x64
Iissyspr.dll7.0.6001.2226166,56010-Sep-200804:36x64
Iisutil.dll7.0.6001.22261275,45610-Sep-200804:36x64
Iis_schema.xmlNot applicable77,74709-Sep-200823:02Not applicable
Nativerd.dll7.0.6001.22261416,76810-Sep-200804:36x64
Redirection.configNot applicable49018-Dec-200721:01Not applicable
Rsca.dll7.0.6001.2226131,23210-Sep-200804:36x64
Rscaext.dll6.0.6001.2226144,03210-Sep-200804:36x64
Rscaext.xmlNot applicable8,36318-Dec-200721:01Not applicable
W3ctrlps.dll7.0.6001.2226113,82410-Sep-200804:37x64
Wamregps.dll7.0.6001.2226115,87210-Sep-200804:37x64
IIS 7.0, Itanium-based versions
File nameFile versionFile sizeDateTimePlatform
Modrqflt.dll7.0.6001.2226194,72010-Sep-200804:32IA-64
Admwprox.dll7.0.6001.22261119,80810-Sep-200804:32IA-64
Ahadmin.dll7.0.6001.2226182,43210-Sep-200804:32IA-64
Appcmd.exe7.0.6001.22261404,48010-Sep-200804:31IA-64
Appcmd.xmlNot applicable3,65418-Dec-200721:00Not applicable
Applicationhost.configNot applicable7,98918-Dec-200721:00Not applicable
Appobj.dll7.0.6001.22261726,01610-Sep-200804:32IA-64
Aspnetca.exe7.0.6001.22261432,12810-Sep-200804:31IA-64
Aspnet_schema.xmlNot applicable38,78618-Dec-200721:01Not applicable
Fx_schema.xmlNot applicable26,97118-Dec-200721:01Not applicable
Iismig.dll7.0.6001.22261452,09610-Sep-200804:32IA-64
Iisreg.dll7.0.6001.22261143,87210-Sep-200804:32IA-64
Iisres.dll7.0.6001.22261193,02410-Sep-200803:01IA-64
Iisreset.exe7.0.6001.2226134,81610-Sep-200804:31IA-64
Iisrstap.dll7.0.6001.2226118,94410-Sep-200804:32IA-64
Iisrstas.exe7.0.6001.2226178,33610-Sep-200804:31IA-64
Iisrtl.dll7.0.6001.22261393,21610-Sep-200804:32IA-64
Iissetup.exe7.0.6001.22261543,74410-Sep-200804:31IA-64
Iissyspr.dll7.0.6001.22261134,65610-Sep-200804:32IA-64
Iisutil.dll7.0.6001.22261513,02410-Sep-200804:32IA-64
Iis_schema.xmlNot applicable77,74709-Sep-200823:18Not applicable
Nativerd.dll7.0.6001.22261887,80810-Sep-200804:32IA-64
Redirection.configNot applicable49018-Dec-200721:01Not applicable
Rsca.dll7.0.6001.2226174,24010-Sep-200804:32IA-64
Rscaext.dll6.0.6001.22261111,61610-Sep-200804:32IA-64
Rscaext.xmlNot applicable8,36318-Dec-200721:01Not applicable
W3ctrlps.dll7.0.6001.2226122,52810-Sep-200804:33IA-64
Wamregps.dll7.0.6001.2226128,16010-Sep-200804:33IA-64

↑ Back to the top


References

An update is available that provides improved features for the Request Filtering module in IIS 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
960728 FIX: Requests that contain unescaped percent signs (%) can be used to bypass the request filtering module in IIS 7.0
For more information about how to use these enhanced features, visit the following Microsoft Web site:For more information about how to use request filtering, visit the following Microsoft Web site:For more information about how to use the UrlScan tool, visit the following Microsoft Web site:For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top


Keywords: kbautohotfix, kbfix, kbexpertiseadvanced, kbqfe, KB957508

↑ Back to the top

Article Info
Article ID : 957508
Revision : 3
Created on : 10/8/2011
Published on : 10/8/2011
Exists online : False
Views : 578