Install WebKnight in IIS6 (iis firewall)

How to install WebKnight in IIS6?

Our WebServer is IIS6, so here we only introduce the installation of IIS6. When I see some posts about WebKnight installation, I said that IIS can only be changed to IIS5.0 isolation mode (IIS5.0 isolation mode, however, in fact, the official website of WebKnight provides a solution to install WebKnight without the need to perform this operation. However, we need to abandon the global configuration feature of WebKnight. Compared with IIS6.0, I prefer to give up this feature of WebKnight:

First download a WebKnight,: http://aqtronix.com /? PageID = 99 # Download)
After decompression, there are two directories Setup and Source, where Source is the Source code. Here we only need to install it and go to Setup
After you enter Setup, there are two directories: w32 stands for 32-bit; x64 stands for 64-bit. You can select the operating system of your server, select x64 here (because the 32-bit and 64-bit file structures of WebKnight are identical, the following content is fully applicable to 32-bit operating systems)
Ensure that each of your websites runs in an independent application pool;
In the WebKnight configuration program

Deselect "Is Installed As Global Filter" under "Global Filter Capabilities"
Select "Per Process Logging" under "Logging", so that each application pool instance loads a separate WebKnight instance.

Make sure that the Windows User network service (or other users in the application pool you set) has the permission to modify the WebKnight folder.
Copy all files in the x64 folder in step 1 to the server (for example, F: \ WebKnight \ WebSite1 \). Note: Each website requires an independent and complete WebKnight, which cannot be shared.
Open IIS Manager
Right-click the website on which you want to install WebKnight> Properties> ISAPI filters
Click Add> Filter Name, for example (WebKnight). Select WebKnight. dll under the WebKnight directory for Excutable. (Note: select the WebKnight directory to which the website belongs. Do not select an error)
Click OK to complete the installation.
Click config.exe in the webknightdirectory. For detailed configuration methods, see the next section. After the configuration is complete, proceed to the next step. Remember
After the preceding operations, restart IIS (you can avoid Restarting IIS. You only need to stop and restart the application pool of the website configured with WebKnight)

How to configure WebKnight

Disclaimer: due to the many configurations of WebKnight, I will only write the recommended configuration here. My personal opinion is for your reference only. If you have better suggestions, I look forward to your sharing.

In the WebKnight directory (for example, F: \ WebKnight \ WebSite1 \ Taobao), double-click config.exe to start Configuration. In the displayed Open Configuration dialog box, select WebKnight. xml
Scanning Engine

No need to change the default configuration

Incident Response Handling attack Handling

If you want to see the denied.htm page in the webknightdirectory, select Response Directly;
If you want someone to see a page under your website, such as a http://www.xxx.com/Error/Denied.htm, select Response Redirect, enter the path of the file on your website (for example,/Error/Denied.htm) in the Response Redirect URL below)
If you Only want to record attacks, but do not want to interrupt user access, you can select Response Log Only

Logging logs

If the log volume is particularly large, please deselect Enabled. Otherwise, it is very likely that the available disk space will not be available, and there may be serious disk I/O performance problems.
Logs are stored in the LogFiles folder under the WebKnight Directory by default. To change the path, you can modify the Log Directory value.
WebKnight logs are stored in different files every day. By default, the data is stored for 28 days. You can modify this value in Log Retention.

Connection

No need to change the default configuration

Authentication Security Authentication

No need to change the default configuration

Request Limits Request restrictions

Unselect Limit Content Length (Content-Length is a value in the header, representing the size of the requested element). I personally think this option is unnecessary because the element size may be large.
Cancel the selection of Limit URL (that is, Limit the URL Length). The reason is the same as above. The URL may be too long.
Unselect Limit Query String (the length of the Query String). The reason is the same as above. The Query String may be long.
Unselect Limit HTTP Version (HTTP Version). I feel that there is no need to restrict the HTTP Version, which may cause users who have used earlier browsers to access their websites.
Deselect Use Max Headers (that is, limit the maximum length of each item in Headers ). I chose this option at the beginning, but in my practice, some items in Headers are too long because we use website traffic statistics and AD cooperation code, many normal requests are blocked, so I want to cancel this option once and for all.

URL Scanning URL Scan

Deselect RFC Compliant URL, RFC Compliant HTTP Url, and Deny Url HighBitShellCode. If these three parameters are selected, many less standard URL formats will be inaccessible, such as URLs containing Chinese characters.
Deselect Deny URL Backslash because \ is also used in the URL.
In URL Denied Sequences, it describes some URL strings that reject requests. If any of them is in use on your website, you can delete them by selecting the project to be deleted, right-clicking, click Remove Selected.

Mapped Path ing directory

Use Allowed Paths, which must be checked because it can restrict the physical path on the server that Web programs can access, all we need to do is add the physical path of our website in Allowed Paths below, such as F: \ WebSite1, to add a physical path, right-click an Item and Choose Insert Item. Enter the physical path and press Enter.

Requested File: the Requested File.

In Denied Files, remove the Files allowed by the website, such as log.htm and logfiles.
In Denied Extensions (request rejection suffix), remove the suffix of the website sequential request, such as: shtm

Robots Spider Program

No need to change the default configuration

Headers header information

In the Server Header, you can modify the value of the Server field in the Header. I think this can also be changed. It's fun.
To prevent legal requests, uncheck RFC Compliant Host Header and Use Denied Headers.

ContentType content type

Deselect Use Allowed Content Types. if selected, the file cannot be uploaded.

Cookie does not need to be translated into Chinese :)

No need to change the default configuration

User Agent/client

Uncheck Deny User Agent Empty and Deny User Agent Non RFC. Otherwise, some valid access requests will be rejected.

Referrer access

Unselect Use Referrer Scanning, because I don't think there is a serious security problem in the access route, or try to make legal requests pass. I chose to deselect this option.

Methods HTTP Request Method

No need to change the default configuration

Querystring query string

No need to change the default configuration

Global Filter Capabilities Global Filter Function

Uncheck Is Installed As Global Filter. Remember to cancel this option; otherwise, WebKnight cannot work properly.

SQL Injection

No need to change the default configuration

Web Applications

Check Allow File Uploads. Otherwise, the File upload function will be invalid.
Select Allow Unicode
Select Allow ASP NET
If your website needs to support ASP, select Allow ASP
Similarly, you can select the items you want to select if your website needs to support.

After modification, remember to Save the configuration through the menu bar File> Save (or press Ctrl + S). After saving the configuration, You can restart IIS or the application pool to enable WebKnight.
Tip: You can view the WebKnight log to check which valid requests are blocked and then modify the corresponding configuration.

Note that the IIS5.0 isolation mode must be enabled during installation. Otherwise, the dll fails to be loaded ..
To enable the IIS5.0 Isolation Mode, choose IIS Manager> website> right-click Properties> services> run the WWW Service in IIS5.0 Isolation Mode (hook up)> Application
Restart IIS .. Then install webknight...
WebKnight. msi under the 32-bit WebKnightSetupw32 directory
WebKnight. msi under the 64-bit WebKnightSetupx64 directory
The installation can be performed by default, or you can customize the path... and run Config.exe in the installed directory.
Then select the specific security settings of WebKnight. xml, and we will introduce them one by one later. I really hope I can translate it ..
To load the firewall successfully, you must enable the IIS5.0 Isolation Mode ..

If the DLL in the attachment is not loaded successfully, you can install the official, official http://aqtronix.com /? PageID = 99 # Download