IISShield is an IIS ISAPI Filter preventing any known and unknown attacks from disrupting IIS. The preventive approach of IISShield is an added value preventing IIS from even trying to interpret requests trying to break-in.
With a detailed logging engine, IISShield helps IIS administrators to know in advance and protect IIS from known or unknown HTTP attacks that flow over the Internet.
The configuration is quite detailed giving the ability to precisely decide over what is accepted and what is not regarding the HTTP Layer.
RFC Compliance is just one of the core features of IISShield offering an assurance of quality of service to the IIS Administrator.
Technical comparison with another well-known tool with similar capabilities is also provided outlining the powerful capabilities of IISShield.
Tool comparison:
Microsoft URLScan
Verb Allowed List: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Verb Denial List: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Url Extension Allowed List: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Url Extension Denial List: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Dot In Path Detection: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Url Schema Validation: KodeIT IISShield - Yes, Microsoft URLScan - No
Host Header Validation: KodeIT IISShield - Yes, Microsoft URLScan - No
Http Version Validation: KodeIT IISShield - Yes, Microsoft URLScan - No
RFC Compliant: KodeIT IISShield - Yes, Microsoft URLScan - No
Url & Query Size Limit: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Header Name Size Limit: KodeIT IISShield - Yes, Microsoft URLScan - No
Header Value Size Limit (General): KodeIT IISShield - Yes, Microsoft URLScan - No
Header Value Size Limit (by Header Name): KodeIT IISShield - Yes, Microsoft URLScan - Yes
Payload Size Limit: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Url Sequence Constraint: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Query Sequence Constraint: KodeIT IISShield - Yes, Microsoft URLScan - No
Url Encoding Abuse Detection: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Query Encoding Abuse Detection: KodeIT IISShield - Yes, Microsoft URLScan - No
Header Name & Header Value Encoding Abuse Detection: KodeIT IISShield - Yes, Microsoft URLScan - No
Header Name Denial: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Url High Bit Detection: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Query High Bit Detection: KodeIT IISShield - Yes, Microsoft URLScan - No
Header Name & Header Value (High Bit Detection On By Default): KodeIT IISShield - RFC Compliant, Microsoft URLScan - No
Payload High Bit Detection: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Content-Length Value Limit: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Filter Priority Setting: KodeIT IISShield - Yes, Microsoft URLScan - Yes
Simulation Mode: KodeIT IISShield - Yes, Microsoft URLScan - Yes
