Does IIS7 have in-built, or available extensions, for responding to scan attempts?

security iis-7 iis application-firewall

Solution 1:

The Microsoft UrlScan tool is probably a good thing for you to look at. Microsoft does a fairly poor job, IMO, promoting the tool. You can find some good third-party references on it, thought. In a nutshell, it's an add-on to IIS that allows you to create filtering rules for requests and has a logging mechanism adjunct to IIS's own logging. It's a pretty neat tool.

Solution 2:

The Request Filtering Module is a built-in module (installable as an IIS Role Service through Roles in Server Manager) that has rough feature parity with URLScan, but uses the IIS configuration system instead of INI files.

Wade's blog covers a sample dictionary to prevent common SQL Injection attacks.

Related

Redundant NFS on Amazon EC2
unable to log into DRAC5, stuck at logging in please wait
Troubleshooting UDP multicast on Windows
Can you create a windows scheduled task to run every day except sunday?
Are there downsides to forcing an https connection for all site traffic?
How to enable shutdown option on windows 2003 server login screen?
Is Imaging over wireless possible and/or feasible? PXE boot over Wireless?
What is the easiest way to setup a linux server to send mail?
How can I search IIS logs of several servers at the same time?
Will removing a debian package remove the data?
How does a CPU ever go Idle enough to enter deeper C states?
How can I use ping with a large packet size to troubleshoot network issues?