Using URLScan on IIS

This article was previously published under Q307608
The purpose of this article is to ensure effective distribution of the Internet Information Services (IIS) security tool URLScan. URLScan is an add-on tool that can be used by Web site administrators. The administrators can control the actions of URLScan and can restrict the type of HTTP requests that the server processes.

If you are upgrading from an earlier version of URLScan (2.0, 2.1), all your previous configuration settings are retained while the executable and the URLScan.ini is updated with new features of URLScan 2.5.
Before you install URLScan 2.5, see the white paper on the following Microsoft Web site:
To download URLScan 2.5, visit the following Microsoft Web site: For information about URLScan and other security details in IIS, see the webcast on the following Microsoft Web site: For additional information about each feature of URLScan, click the following article number to view the article in the Microsoft Knowledge Base:
326444 HOW TO: Configure the URLScan Tool
Depending on the applications that you are running, there may be limitations or specific configurations for URLScan. For additional information about running URLScan with different applications, click the following article numbers to view the articles in the Microsoft Knowledge Base:
309394 HOW TO: Use URLScan with FrontPage 2000
318290 HOW TO: Use URLScan with FrontPage 2002
815155 HOW TO: Configure URLScan to Protect ASP.NET Web Applications

Article ID: 307608 - Last Review: 04/20/2012 11:46:00 - Revision: 11.1

Microsoft Internet Information Services 6.0

  • kbinfo kbsectools kbsecurity KB307608