Re: Install/Use UrlScan on 6.0?
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: Mon, 17 Oct 2005 00:25:59 -0700
IIS6 is secure without using URLScan.
If you need the additional features of URLScan, you can install and use it
on IIS6. That is why we gave the side-by-side comparison so that you can
make the informed decision yourself.
There is no native 64bit version of URLScan.
What you have to realize is that:
1. Yes, URLScan has additional features not in IIS6
2. However, some URLScan features are worse than IIS6
So, security is not a simple matter of just installing software to "secure
my IIS more". It is deciding on the right tradeoff between security and
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Eric George" <firstname.lastname@example.org> wrote in message news:h4C3f.29507$ir4.10641@edtnps90... Hi there, A question that probably has been here a thousand times. I'm running IIS 6.0 and will be using it for development of dynamic content on Professional 64-bit. I read: http://www.microsoft.com/technet/security/tools/urlscan.mspx but am still not sure if I should use it. Basically can anyone tell me if it will secure my IIS more? The link didn't tell me specifically what UrlScan has that IIS doesn't already have, except verb control (which may be a reason to use it anyways). THANKS