IIS 7.5 Request Filtering logs versus UrlScan 3.1

request-filtering windows-server-2008-r2

When IIS 7.5 Request Filtering blocks a request it seems to add an entry into the regular IIS web logs with a 404.

a) Is there any way to send the detailed Request Filtering logs to a separate file? UrlScan could specify LoggingDirectory and keep this "noise" out of our real IIS logs.

b) Also, is there a way to get more information that Request Filtering blocked a request? UrlScan logged the rule that caused the denial as well as control over a redirection using RejectResponseUrl which was especially convenient in non-production sites.

c) If these features are important, is the recommended practice to still install UrlScan 3.1 on IIS 7.5 (Windows 2008 R2) and disable Request Filtering?

Any guidance is appreciated.

Best Answer

It is perfectly acceptable to use URLScan instead of Request Filtering if you like it better. It is even acceptable to use both at the same time as far as I know. I think for the use cases you talk about, URLScan might be easier to configure.

To answer your specific questions:

  1. Request Filtering does not have separate logging. Using the Advanced Logging extension (with its filtering capabilities) could get you there though.
  2. I think the lowest level of granularity you can get is the error sub code. Everything rejected by Request Filtering is a 404.x, where x is the reason that Request Filtering denied the request. This page contains a chart of the reasons. Since everything from Request Filtering is just a 404.x response code, you can use IIS custom errors to replace RejectResponseUrl.
  3. Already answered above.
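
Because the rejections land in the regular W3C log as 404.x entries, they can also be separated after the fact. The script below is an added example, not part of the original answer: it splits Request Filtering rejections from normal entries and labels each with its reason. The `split_log` name and the sample log lines are constructed for illustration; the sub-status meanings follow Microsoft's published list of HTTP 404 sub-status codes.

```python
# Added example: split Request Filtering rejections out of a W3C-format IIS log.
# Sub-status meanings follow Microsoft's published list of 404.x codes.
RF_SUBSTATUS = {
    "5": "URL sequence denied",
    "6": "Verb denied",
    "7": "File extension denied",
    "8": "Hidden namespace",
    "10": "Request header too long",
    "11": "URL double escaped",
    "12": "URL has high-bit characters",
    "13": "Content length too large",
    "14": "URL too long",
    "15": "Query string too long",
    "18": "Query string sequence denied",
    "19": "Denied by filtering rule",
}

def split_log(lines):
    """Return (filtered, normal); filtered holds (reason, entry dict) tuples."""
    fields, filtered, normal = [], [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        entry = dict(zip(fields, line.split(" ")))
        reason = RF_SUBSTATUS.get(entry.get("sc-substatus"))
        if entry.get("sc-status") == "404" and reason:
            filtered.append((reason, entry))
        else:
            normal.append(entry)  # includes ordinary 404.0 "not found" hits
    return filtered, normal

# Constructed sample log lines (not taken from a real server).
SAMPLE = """#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status sc-substatus sc-win32-status
2012-01-10 10:00:01 GET /default.aspx - 192.0.2.10 200 0 0
2012-01-10 10:00:02 GET /bin/site.dll - 192.0.2.11 404 8 0
2012-01-10 10:00:03 TRACE /default.aspx - 192.0.2.12 404 6 0
2012-01-10 10:00:04 GET /missing.html - 192.0.2.10 404 0 2
""".splitlines()

if __name__ == "__main__":
    blocked, rest = split_log(SAMPLE)
    for reason, e in blocked:
        print(e["date"], e["time"], e["c-ip"], e["cs-method"], e["cs-uri-stem"], "->", reason)
    print(len(rest), "entries left for the regular log")
```

The `sc-substatus` field must be enabled in the site's W3C logging fields for this to work; without it, the rejections cannot be told apart from ordinary 404s.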