DEVHIDE
Login Or Sign up

How to get IIS requestfiltering to perform exact match on denyStrings

352 Views Asked by At

So I have this configuration block, and I'm particularly looking to block URLs.

<security>
  <requestFiltering allowDoubleEscaping="true">
            <filteringRules>
                <filteringRule name="testrule" scanUrl="false" scanQueryString="false">
                    <scanHeaders>
                        <clear />
                        <add requestHeader="User-agent" />
                    </scanHeaders>
                    <denyStrings>
                        <clear />
                        <!-- MY QUESTION IS ABOUT THIS BLOCK -->
                    </denyStrings>
                    <appliesTo>
                        <clear />
                    </appliesTo>
                </filteringRule>
            </filteringRules>
        </requestFiltering>
</security>

When I add this line to <denyStrings> section where I escape the . character:

<add string="yacy\.net" />

User-Agent: yacy.net still works.

With this line:

<add string="yacy.net" />

User-Agent: yacy.net is blocked, but so are yacy.net1 and 2yacy.net1.

My question: How can I block exact match strings only? Instead of partial matches, like it is doing now. I can't find anything on this in the Microsoft docs and apparently I'm not the only one.

Related to this: When looking at blocking through a .htaccess file I normally have to escape spaces, . and underscores, but apparently escaping is not needed under IIS?

escaping string-matching iis-10 requestfiltering
Original Q&A
0

There are 0 best solutions below

Related Questions in ESCAPING

Related Questions in STRING-MATCHING

Related Questions in IIS-10

Related Questions in REQUESTFILTERING

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.