RE: URLScan and EXE

From: Wei-Dong XU [MSFT] (v-wdxu_at_online.microsoft.com)
Date: 05/04/04 

Date: Tue, 04 May 2004 07:16:34 GMT

Hi Tad,

>From my understanding, you are going to use Foo extension for your server-side exe files so that URLscan will not deny the request for these exe
files.

To do so, I think you will have to perform one configuration, which make Windows OS treat the file with the extension .foo as the same to the one
with .exe. However, this kind of configuration is not recommended by Microsoft, for this one will affect the default behavior of OS handling to the
executable files.

For your convenience, I show this for you
1) You can type "regedit"(without quotation mark) in start->run to call the regedit and locate the ".exe" key under the HEKY_CLASSES_ROOT.
2) Please record the tree structure with the key defined in this node, then create one .foo Key with the same to the .exe one.
3) Close the regedit and then Windows OS loader will treat the .foo as one executable files, which will try to load it.
(since this operation will modify the registry, plesae backup the registry first)
*please note this method is not recommanded by Microsoft. Appreciate your understanding!

"Can I change the file extension on the URL through an ISAPI filter after it passes through URLScan?"
I think this idea will solve your issue very well without any configuration on the Windows OS system. You can place one ISAPI redirect filter in the
IIS global filter setting. Then each request to the .foo will by redirect to the real executable url; the URLScan will not disable this kind of request
because the raw redirect from the client contains no exe extension in the url.

For this method, I'd suggest you can use the excellent ISAPI redirect sample from codeproject.com as one beginning, developed by bryce, which
demonstrates how to change the cfm extension into asp extension. You can change the code from cfm-asp handling to foo-exe very easily. Then
set this filter in the IIS global filter settings. Plesae see the steps below:
1) type "inetmgr"(without quotation mark) in start->run to call the IIS mmc
2) right-click the servername node in the left tree view of IIS mmc, select "properties" in the pop-up menu
3) ensure the "WWW service" is select in the property list box and click the button "Edit..."
4) in the poped up window, please select the ISAPI filter tab
5) add the redirect isapi filter with the button "Add..."

Please feel free to let me know if you have any question.

Best Regards,
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.