URLSCAN Input Format

Log Parser

URLSCAN Input Format

The URLSCAN input format parses log files created by the URLScan IIS filter.

URLScan is an ISAPI filter that allows administrators of web servers to restrict the kind of HTTP requests that the server will process. By blocking specific HTTP requests, the URLScan filter prevents potentially harmful requests from reaching the server and causing damage.
The URLScan filter maintains a log file describing the actions taken when HTTP requests match the administrator-specified filters.

Log files created by the URLScan filter look like the following example:

[04-30-2002 - 17:09:48] ---------------- Initializing UrlScan.log ----------------
[04-30-2002 - 17:09:48] -- Filter initialization time: [04-30-2002 - 17:09:48]  --
[04-30-2002 - 17:09:48] ---------------- UrlScan.dll Initializing ----------------
[04-30-2002 - 17:09:49] UrlScan will return the following URL for rejected requests: "/<Rejected-By-UrlScan>"
[04-30-2002 - 17:09:49] URLs will be normalized before analysis.
[04-30-2002 - 17:09:49] URL normalization will be verified.
[04-30-2002 - 17:09:49] URLs must contain only ANSI characters.
[04-30-2002 - 17:09:49] URLs must not contain any dot except for the file extension.
[04-30-2002 - 17:09:49] URLs will be logged up to 128K bytes.
[04-30-2002 - 17:09:49] Requests with Content-Length exceeding 30000000 will be rejected.
[04-30-2002 - 17:09:49] Requests with URL length exceeding 260 will be rejected.
[04-30-2002 - 17:09:49] Requests with Query String length exceeding 4096 will be rejected.
[04-30-2002 - 17:09:49] Only the following verbs will be allowed (case sensitive):
[04-30-2002 - 17:09:49] 	'GET'
[04-30-2002 - 17:09:49] Requests containing the following character sequences will be rejected:
[04-30-2002 - 17:09:49] 	'jj'
[04-30-2002 - 17:10:08] Client at 192.168.1.81: URL contains sequence 'jj', which is disallowed. Request will be rejected.  Site Instance='1', Raw URL='/jj/LogLongUrlsTest_2_124_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[04-30-2002 - 17:10:08] Client at 192.168.1.81: URL length exceeded maximum allowed. Request will be rejected. Site Instance='1', Raw URL='/jj/LogLongUrlsTest_2_800_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[04-30-2002 - 17:10:09] Client at 192.168.1.81: URL length exceeded maximum allowed. Request will be rejected. Site Instance='1', Raw URL='/jj/LogLongUrlsTest_2_1000_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'


From-Entity Syntax
Fields
Parameters
Examples


© 2004 Microsoft Corporation. All rights reserved.