Question

I want to block user-agents with UrlScan on IIS 6. However, I am not able to specify a user-agent with a semicolon in the string. I think this is a very common scenario, but I can't find any answer on how to escape a semicolon in UrlScan.ini (where semicolons are used for commenting). This is the rule:

RuleList=DenyUserAgent
[DenyUserAgent]
DenyDataSection=AgentStrings
ScanHeaders=User-Agent
[AgentStrings]
Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2

I tested it and it blocks all the user-agents that start with "Mozilla/5.0 (Windows NT 5.1" because it considers the rest of the string as a comment.

Solution

It seems like you would need to URL-escape it, i.e. %3B.

See http://learn.iis.net/page.aspx/476/common-urlscan-scenarios/ for examples; one such example they have is blocking a semicolon in the query string to block a SQL injection attack.
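
An added example (not from the original post and not UrlScan's own code): a small Python audit that applies the comment rule described in the question to a UrlScan.ini-style file and reports deny strings that were cut at a `;`. The sample file and the `ExampleBot/1.0` entry are constructed; whether UrlScan matches a `%3B` entry against a literal semicolon in a header is the answer's suggestion and is not tested here.

```python
# Added example, not UrlScan's own parser. Assumption taken from the question:
# everything after ';' on a UrlScan.ini line is treated as a comment.

SAMPLE_INI = """\
RuleList=DenyUserAgent
[DenyUserAgent]
DenyDataSection=AgentStrings
ScanHeaders=User-Agent
[AgentStrings]
Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2
Mozilla/5.0 (Windows NT 5.1%3B rv:6.0) Gecko/20100101 Firefox/10.0.2
ExampleBot/1.0 ; constructed entry with an intended comment
"""  # rule from the question plus two constructed entries


def parse_sections(text):
    """Map section name -> [(line number, raw line, text left after ';')]."""
    sections, current = {}, ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        raw = raw.strip()
        effective = raw.split(";", 1)[0].strip()
        if effective.startswith("[") and effective.endswith("]"):
            current = effective[1:-1]
            sections.setdefault(current, [])
        elif effective:
            sections.setdefault(current, []).append((lineno, raw, effective))
    return sections


def audit(text):
    """Return (line, effective string, unbalanced-parens flag) per cut deny string."""
    sections = parse_sections(text)
    deny_names = set()
    for entries in sections.values():
        for _, _, eff in entries:
            key, sep, value = eff.partition("=")
            if sep and key.strip().lower() == "denydatasection":
                deny_names.add(value.strip())
    findings = []
    for name in deny_names:
        for lineno, raw, eff in sections.get(name, []):
            if eff != raw:  # text was lost to a ';' comment
                findings.append((lineno, eff, eff.count("(") != eff.count(")")))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, eff, suspicious in audit(SAMPLE_INI):
        print(f"line {lineno}: {eff!r} {'REVIEW' if suspicious else 'ok'}")
```

Entries flagged with unbalanced parentheses are the ones most likely truncated by accident, as with the rule in the question; entries with a deliberate trailing comment are listed but not flagged.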

Licensed under: CC-BY-SA with attribution