IisShield protects IIS by parsing each http request coming into the web server and inspecting each token of the http protocol against several rules defined in the configuration files. The available rules allow for a deep analysis of the requests at a low level providing a thorough and robust filtering engine.

IisShield is flexible enough so that rules can be split into zones, allowing the filtering process to be applied in a per-zone scope versus a per-server scope. Zones are used to specify which requests are included in or excluded from the filtering engine. A zone contains the following optional items:
  • target address
  • target port
  • target url
  • rules file

A zone can also override the default rules file by specifying a rules file to be applied to all requests that are part of the zone. For a request to be considered part of a zone, the following checks are performed whenever a request comes into IIS:
  • If target address is defined, then the target address of the request must match target address
  • If target port is defined, then the target port of the request must match target port
  • If target url is defined, then the url of the request must start with target url

The zone that first matches a request is the chosen zone. Zones are checked in the order they are defined in the configuration file. Zones that do not define target address, target port and target url are ignored.
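
The zone selection described above, modelled in Python as an added example (this is not IisShield's own code or configuration format). The `Zone` fields mirror the four optional items; exact matching on address and port, case-sensitive URL prefix comparison, and all names and sample values are assumptions. `shadowed_zones` is an extra check showing how first-match ordering can leave a later zone unreachable.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence

@dataclass(frozen=True)
class Zone:
    name: str                         # hypothetical label, used only in this example
    address: Optional[str] = None     # the four optional items a zone may contain
    port: Optional[int] = None
    url: Optional[str] = None
    rules_file: Optional[str] = None

def has_target(z: Zone) -> bool:
    return not (z.address is None and z.port is None and z.url is None)

def matches(z: Zone, address: str, port: int, url: str) -> bool:
    if not has_target(z):             # zones with no target are ignored
        return False
    if z.address is not None and address != z.address:
        return False
    if z.port is not None and port != z.port:
        return False
    # Assumption: case-sensitive prefix comparison on the raw URL string.
    return z.url is None or url.startswith(z.url)

def select_zone(zones: Sequence[Zone], address: str, port: int, url: str) -> Optional[Zone]:
    # Zones are checked in definition order; the first match wins.
    return next((z for z in zones if matches(z, address, port, url)), None)

def rules_file_for(z: Zone, default_rules: str) -> str:
    return z.rules_file or default_rules   # a zone may override the default rules file

def covers(a: Zone, b: Zone) -> bool:
    # True when every request that matches b also matches a.
    return (has_target(a) and has_target(b)
            and (a.address is None or a.address == b.address)
            and (a.port is None or a.port == b.port)
            and (a.url is None or (b.url is not None and b.url.startswith(a.url))))

def shadowed_zones(zones: Sequence[Zone]) -> List[str]:
    # Zones that can never be chosen because an earlier zone covers them.
    return [b.name for i, b in enumerate(zones) if any(covers(a, b) for a in zones[:i])]

# Constructed sample configuration (names, addresses and file names are made up).
ZONES = [
    Zone("site-80", port=80, rules_file="site.rules"),
    Zone("admin", port=80, url="/admin", rules_file="admin.rules"),
    Zone("empty", rules_file="unused.rules"),
    Zone("api", address="10.0.0.5", url="/api"),
]
```

With this sample, a request for `/admin/login` on port 80 lands in `site-80`, so `admin.rules` is never applied, and `/apiv2/users` sent to 10.0.0.5 falls into the `api` zone because the URL test is a prefix match.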


When an http request is blocked by IisShield, the reason is logged into the appropriate rules log file and afterwards there can be 2 outcomes:
  • If the RejectPage configuration option is defined, the request does not progress further and the RejectPage content is sent back using a 404 http status.
  • If the RejectPage configuration option is not defined, then IisShield lets the request progress further into IIS, so the match is only logged. Leaving RejectPage undefined is most useful for lab testing.

In case there is a critical error while filtering the request, IisShield logs the error to the trace file and drops the tcp/ip connection.

IisShield takes advantage of the features available in IIS 4.0, IIS 5.x and IIS 6.0 to perform the filtering of the requests. In IIS 6.0, both native mode and IIS5 mode are supported.

Last edited Sep 10, 2007 at 10:06 PM by thalm, version 1

