How to deny URL sequence from IIS?

Request Filtering is a built-in security feature of IIS. Using Request Filtering feature one can assign maximum URL length, Query String size, content request length and many other restrictions server-wide as well as website-wide. Deny URL Sequences element of Request Filtering helps to deny access for URL sequence patterns that an attacker might try to exploit. Follow these steps to deny URL sequence from IIS.

  1. Login to your VPS. Please refer to how to connect your VPS using RDP.

  2. Open IIS Manager. Unde Connections pane, click on VPS Name.

    IIS Manager

  3. Open Request Filtering as shown in below image.

    Click on Request Filtering Option
  4. Move to URL tab and click on Deny Sequence.

    Click on Deny Sequence Link

  5. An Add Deny Sequence dialog box will appear, enter the URL sequence which you wish to block. For Example, if you wish to block the common SQL Injection term 'varchar', enter 'varchar' character sequence in the Deny Sequence box. When you wish to block entire directory access, give '..' as shown in below image.

    Add URL Sequence

  6. Click OK. Now, when anyone tries to enter any of the mentioned terms into your URL Sequence, they will receive the HTTP Error 404.5 – URL Sequence denied error message.
NOTE: Choose your character sequence wisely. If your site uses any of the terms that you deny, your site visitor will receive the HTTP Error 404.5.

Related Articles

Everything you should know about IIS Application Pools

1) What is an Application Pool? Application pool is a collection of one or more websites running...

How to set MIME types for web fonts in IIS?

Font Squirrel's @Font-face generator is one of the best free online tools to generate required...

How to create a certificate signing request [CSR] from IIS 7.5 in your VPS?

Follow the below mentioned steps to create Certificate signing request from IIS 7.5 in your VPS:...

How to Fix HTTP Error 500 (or 500.21) - Internal Server Error Handler SSINC-shtml?

Error Message HTTP Error 500 (or 500.21) - Internal Server Error Handler SSINC-shtm' handler...

How to set website redirection from IIS 7?

This article will guide you to redirect the URL using HTTP Redirect functionality in IIS. Open...

  • 35 Users Found This Useful

Was this answer helpful?