URLScan is an ISAPI filter for IIS that restricts the types of HTTP requests the server will process. By blocking specific HTTP requests, URLScan prevents potentially harmful requests from reaching the server and causing damage. URLScan can be used with IIS 7.5, IIS 7, and IIS 6.
On IIS 7.5, the IIS 6 Metabase Compatibility feature must be installed first. Download: http://www.iis.net/download/urlscan
URLScan configuration file: C:\Windows\System32\inetsrv\urlscan\UrlScan.ini
Configuration file details:
UseAllowVerbs = 1
; Selects which list of HTTP verbs (request methods) is applied.
; If it is set to 1, [AllowVerbs] takes effect;
; If it is set to 0, [DenyVerbs] takes effect.
UseAllowExtensions = 0
; Selects which list of file extensions is applied to requests.
; If it is set to 0, [DenyExtensions] takes effect;
; If it is set to 1, [AllowExtensions] takes effect.
NormalizeUrlBeforeScan = 1
; Normalize (canonicalize) the URL before scanning it.
VerifyNormalization = 1
; Normalize the URL a second time to verify the first normalization.
AllowHighBitCharacters = 1
; If it is set to 1, all bytes in the URL are allowed;
; If it is set to 0, URLs containing non-ASCII characters (such as UTF-8 or MBCS) are rejected.
AllowDotInPath = 0
; If it is set to 0, URLScan rejects all requests whose URL contains more than one period.
RemoveServerHeader = 0
; If it is set to 1, the server information is hidden from responses.
AlternateServerName =
; If RemoveServerHeader is set to 0, you can specify a custom server name to return here.
; If RemoveServerHeader is set to 1, this option is ignored.
EnableLogging = 1
; Enable logging.
PerProcessLogging = 0
; If it is set to 1, a separate log file is created for each process;
; If it is set to 0, all processes write to the same log file.
PerDayLogging = 1
; If it is set to 1, URLScan creates a new log file every day.
AllowLateScanning = 0
; If it is set to 0, URLScan runs as a high-priority filter.
UseFastPathReject = 0
; If it is set to 1, URLScan ignores the RejectResponseUrl setting and immediately returns a 404 error to the browser.
; If it is set to 0, URLScan uses the RejectResponseUrl setting to respond to the rejected request.
RejectResponseUrl =
; URL path of the page returned for rejected requests.
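
The following Python sketch is an added example, not part of the original page and not URLScan's own code. It models how the verb, extension, period and high-bit options described above combine to accept or reject a request. The sample file contents, the function names (load, entries, check), the case-insensitive matching and the fallback values are assumptions; URLScan itself performs further checks that are not modeled here.

```python
import configparser
import posixpath

# Constructed sample; section contents are illustrative, not a recommended policy.
SAMPLE_INI = """
[options]
UseAllowVerbs = 1
UseAllowExtensions = 0
AllowHighBitCharacters = 0
AllowDotInPath = 0
[AllowVerbs]
GET
POST
[DenyVerbs]
TRACE
[DenyExtensions]
.exe
.ini
"""

def load(text):
    cfg = configparser.ConfigParser(allow_no_value=True, delimiters=("=",), interpolation=None)
    cfg.read_string(text)
    return cfg

def entries(cfg, section):
    # Bare lines such as "GET" or ".exe" parse as keys without a value.
    return {k.lower() for k in cfg[section]} if cfg.has_section(section) else set()

def check(cfg, verb, path):
    """Return (allowed, reason) for one request under this simplified model."""
    opt = cfg["options"]  # fallbacks below are the values shown in the listing above
    if opt.get("UseAllowVerbs", "1") == "1":
        if verb.lower() not in entries(cfg, "AllowVerbs"):
            return False, "verb not in [AllowVerbs]"
    elif verb.lower() in entries(cfg, "DenyVerbs"):
        return False, "verb in [DenyVerbs]"
    if opt.get("AllowHighBitCharacters", "1") == "0" and not path.isascii():
        return False, "non-ASCII character in URL"
    if opt.get("AllowDotInPath", "0") == "0" and path.count(".") > 1:
        return False, "more than one period in URL"
    ext = posixpath.splitext(path)[1].lower()
    if opt.get("UseAllowExtensions", "0") == "1":
        if ext not in entries(cfg, "AllowExtensions"):
            return False, "extension not in [AllowExtensions]"
    elif ext in entries(cfg, "DenyExtensions"):
        return False, "extension in [DenyExtensions]"
    return True, "accepted"
```

With UseAllowVerbs switched to 0 in the same sample, a verb such as PUT that appears in neither list is accepted, which is why the allow-list mode is the stricter of the two.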