Method of installing Webknight in IIS6 (IIS firewall) _win server

How do I install Webknight in IIS6?

Our WebServer is IIS6, so here we only introduce the installation of IIS6, I see some posts about Webknight installation, said that only the IIS adjusted to IIS5.0 isolation mode (IIS5.0 isolation model) can, But in fact Webknight's official website has introduced the method that does not need this to install, but this needs to discard Webknight's global configuration characteristic, compared to abandons the IIS6.0, I was willing to give up webknight this characteristic:

First download a copy of webknight, download address: http://aqtronix.com/? Pageid=99#download (note, this is not a direct download address, click on the Webknight 2.2 (release date:2008.09.02), in order to prevent updates after friends also download the old version)
After decompression, there are 2 directory setup, source, where source is the source, we only need to install, into the setup
After entering the setup, there are 2 directories: The W32 represents 32 bits, the x64 represents 64 bits, and according to your server's operating system, I choose x64 (because Webknight 32-bit, 64-bit file structure is identical, the following content is fully applicable to the 32-bit operating system)
Make sure that each of your own sites is running in a separate application pool;
In the Webknight configuration program

Deselect ' is installed as global filter ' under ' Global filter capabilities '
Select per Process Logging under "Logging" so that each instance of the application pool loads a separate webknight instance

Ensure that Windows user network SERVICE (or other user of the application pool you set) has modify permissions for the Webknight folder
Copy all files from the x64 folder in step 3rd to the server (such as: F:\WebKnight\WebSite1\), note: Each site requires an independent and complete webknight, not shared
Open IIS Manager
Right-click > Properties > ISAPI filters on sites that need to be installed Webknight
Click Add > Filter name at random, such as (webknight), excutable select Webknight directory WebKnight.dll (Note: To select the Webknight directory to which the site belongs, do not choose the wrong)
Click OK to complete the installation
Click on the Webknight directory of Config.exe, the specific configuration method see the next section, the configuration is completed before the next step, remember
After doing so, restarting IIS (restarting IIS can actually be avoided by simply stopping the application pool of the configured Webknight Web site)

How to configure Webknight

Disclaimer: Due to the configuration of webknight, here I only write the recommended configuration, personal point of view, for reference only, if better suggestions, look forward to your sharing

In the Webknight directory (such as: F:\WebKnight\WebSite1\), double-click Config.exe to start configuration, in the Open Configuration dialog box that pops up, select Webknight.xml
Scanning Engine scan Engine

No need to change the default configuration

Incident Response handling attacks have occurred

If you want someone to attack when you see the page is the Webknight directory of denied.htm, select response directly can;
If you want someone to attack when the page you see is a file under your site (such as: http://www.xxx.com/Error/Denied.htm), select Response Redirect, and in the following response Redirect URL to fill in your site under the file path (such as:/error/denied.htm)
If you only want to record the attack but do not want to interrupt the user's access, you can choose response Log only

Logging Log

If the log volume is particularly large, deselect enabled, or it is likely that the disk free space is gone, and there may be more serious disk I/O performance problems
The log defaults to the LogFiles folder that is stored in the Webknight directory, and if you want to change the path, you can modify the log directory value
Webknight daily log is stored by different files, save 28 days of data by default, you can modify the value in log retention

Connection Connection

No need to change the default configuration

Authentication Security Certification

No need to change the default configuration

Request Limits Requests Restrictions

Deselect limit Content Length (Content-length is a value in the header that represents the dimension of the requested element), I personally feel that this is not a necessary choice because the element size can be very large
Deselect the limit URL (that is, limit the length of the URL), for the same reason that the URL may also be very long
Deselect limit query string (that is, the length of query strings), for the same reason that the query string may also be very long
Deselect limit HTTP version (that is, HTTP), I feel there is no need to restrict the HTTP version, it is possible that users who have used the old version of the browser can not access their own web site
Deselect use Max Headers (that is, limit the maximum length of items in Headers). I started to choose the item, but in my practice, because we use the website traffic statistics, advertising cooperation code, etc., resulting in some of the headers, blocking a lot of normal requests, so I would like to simply, once and for all, deselect the

URL Scanning Web site scan

Deselect RFC compliant URL, RFC compliant HTTP URL, Deny url highbitshellcode, check these three items, many less standard URL format will be inaccessible, such as the URL containing Chinese
Deselect the Deny URL backslash, because our site, "\" in the URL will also use
In URL Denied sequences, some URL strings are described that reject requests, if any are in use in your site, you can delete them by selecting the items you want to delete, right-clicking, and clicking Remove Selected

mapped Path map directory

Use allowed Paths, this is checked because it restricts the physical path on the server that the Web program can access, and all we need to do is add our own physical path to our site in the allowed Paths below, such as F:\WebSite1, The Add method is to right-click on any item > Insert item > Enter physical path, return to

Requested file is requested

In denied files (file that rejects the request), remove the files that the Web site allows to request, such as: Log.htm, logfiles
In denied Extensions (reject the requested suffix name), remove the suffix name of the site's sequential request, such as: shtm

Robots Spider Program

No need to change the default configuration

Headers Header Information

Server header, you can modify the value of the server field in the header, and I think it can be changed, and it's kind of fun.
To prevent legitimate requests from the Organization, uncheck the RFC compliant Host Header, use Denied Headers

ContentType Content Type

Deselect use allowed Content Types, if selected, cannot upload file

Cookie this does not need to translate into Chinese:

No need to change the default configuration

User Agent/Client

Uncheck deny user agent Empty, deny user agent Non RFC, otherwise partial legal access will be denied

Referrer Access Routing

Deselect use referrer scanning, because I think one of the accesses may not have too serious security issues, or to try to get the legal request through, I chose to uncheck the option

Methods HTTP Request method

No need to change the default configuration

QueryString Query string

No need to change the default configuration

Global filter Capabilities filtering function

Uncheck is installed as Global Filter, remember that the item must be canceled, otherwise webknight will not work

SQL injection SQL injection

No need to change the default configuration

Web Applications Web Application

Check allow file uploads, otherwise the function of uploading files will fail
Tick Allow Unicode
Tick Allow ASP NET
If your site needs to support ASP, check the Allow ASP
Similarly, what your site needs to support, please select the items you need to check

After modification, remember to save the configuration via menu bar file > Save (or through the shortcut key Ctrl+s), and after you save the configuration, you can restart the IIS or application pool to enable webknight.
Tip: You can view webknight logs to see which legitimate requests are blocked, and then modify the appropriate configuration

Note that IIS5.0 isolation mode must be enabled at installation time. Failure to load DLL.
Open IIS5.0 Isolation Mode specific location: IIS Manager-> Web site-> Right-key properties-> service-> run WWW service in IIS5.0 isolation mode (HOOK)-> application
Restart IIS. Then install Webknight ...
32-bit System WebKnightSetupw32 directory Webknight.msi
64-bit System WebKnightSetupx64 directory Webknight.msi
Installation can be by default, or you can customize the path yourself ... When set, run to the installed directory: Config.exe
Then select Webknight.xml specific security settings, and then introduce them. I wish I could translate it over.
Again, you must turn on IIS5.0 isolation mode to successfully load the firewall.

If the attachment of this DLL does not succeed in loading it can be installed official, official download address Http://aqtronix.com/?PageID=99#Download