IisShield - Application Layer Firewall

UPDATED WIKI: Features

thalm — Mon, 10 Sep 2007 22:06:50 GMT

Features

IisShield protects IIS by parsing each http request coming into the web server and inspecting each token of the http protocol against several rules defined in the configuration files. The available rules allow for a deep analysis of the requests at a low level providing a thorough and robust filtering engine.

IisShield is flexible enough so that rules can be split into zones allowing the filtering process to be applied in a per-zone scope versus a per-server scope. Zones are used to specify which requests are included or excluded requests from the filtering engine. A zone contains the following optional items:

target address
target port
target url
rules file

A zone can also override the default rules file by specifying a rules file to be applied to all requests part of the zone. For a request t be considered part of a zone, the following steps are taken whenever a request comes into IIS:

If target address is defined, then the target address of the request must match target address
If target port is defined, then the target port of the request must match target port
If target url is defined, then the url of the request must start with target url

The zone that first matches a request is the chosen zone. Zones are checked in the order they are defined in the configuration file. Zones that do not define target address, target port and target url are ignored.

Behavior

When an http request is blocked by IisShield, the reason is logged into the appropriate rules log file and afterwards there can be 2 outcomes:

If the RejectPage configuration option is defined, the request does not progress further and the RejectPage content is sent back using a 404 http status.
If the RejectPage configuration option is not defined, then IisShield lets the request progress further into IIS. This option is most useful for lab testing.

In case there is a critical error while filtering the request, IisShield logs the error to the trace file and drops the tcp/ip connection.

IisShield takes advantage of the features available in IIS 4.0, IIS 5.x and IIS 6.0 to perform the filtering of the requests. In IIS 6.0, both native mode and IIS5 mode are supported.

UPDATED WIKI: Home

thalm — Mon, 10 Sep 2007 22:04:10 GMT

Project Description
IisShield is an IIS ISAPI Filter preventing any known and unknown attacks from disrupting IIS. The preventive approach of IisShield is an added value preventing IIS from even trying to interpret requests trying to break-in. With a detailed logging engine, IisShield helps IIS administrators to know in advance and protect IIS from known or unknown HTTP attacks that flow over the Internet.

Today's Internet exposure must be protected at all levels and Application Layer Firewalls are an emerging technology providing a needed higher level of protection to Web Servers given the new class of attacks over the HTTP protocol layer.

The configuration is quite detailed giving the ability to precisely decide over what is accepted and what is not regarding the HTTP Layer. RFC Compliance is just one of the core features of IisShield offering an assurance of quality of service to the IIS Administrator.

IisShield runs in IIS 4.0, IIS 5.x and IIS 6.0.

More Information

UPDATED WIKI: Home

thalm — Mon, 10 Sep 2007 22:00:45 GMT

RELEASED: IisShield 2.2.1 (Sep 10, 2007)

Mon, 10 Sep 2007 21:58:42 GMT

This release is production ready.

This release includes:
* Binary Installation
* Documentation

UPDATED RELEASE: IisShield 2.2.1 (Sep 10, 2007)

Mon, 10 Sep 2007 21:58:42 GMT

This release is production ready.

This release includes:
* Binary Installation
* Documentation

Source code checked in

thalm — Mon, 10 Sep 2007 21:50:45 GMT

Source code upload

UPDATED WIKI: Home

thalm — Sat, 08 Sep 2007 17:13:24 GMT