Deny IIS6 web request based on URL parameters?

Posted by user21146 on Server Fault See other posts from Server Fault or by user21146
Published on 2011-11-11T20:30:38Z Indexed on 2011/11/12 9:57 UTC
Read the original article Hit count: 179

Filed under:

iis6

I've got a legacy app running a third-party ecommerce system under IIS6. Some spammers recently discovered a bad security vulnerability in one of the store's forms, which are allowing them to send arbitrary emails from our system. Unfortunately, this store "feature" is built into the default.aspx page's code-behind and I have no way to disable it without shutting down the store.

How can I filter out URL request with a given querystring parameter? ie, I want to filter out requests to:

http://www.mysite.com/store/?id=SendSpam

based on the "SendSpam" string.

Related posts about iis6

Best way to migrate from IIS6 to IIS6

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I need to move all my sites on a server with IIS 6 to another one, that has same OS (Windows Server 20003) and same IIS version. I'm trying to understand which is the best way to do it. Searching on Google I've found that there are at least 2 methods, one uses IIS Migration Tool, and another… >>> More
Best way to migrate from IIS6 to IIS6

as seen on Server Fault - Search for 'Server Fault'
Hi, I need to move all my sites on a server with IIS 6 to another one, that has same OS (Windows Server 20003) and same IIS version. I'm trying to understand which is the best way to do it. Searching on Google I've found that there are at least 2 methods, one uses IIS Migration Tool, and another… >>> More
IIS6 all websites displays another site when using https

as seen on Server Fault - Search for 'Server Fault'
I have the following websites set up in iis 6. site1.com site2.com site3.com Accessing site1 is via the address https://site1.com. Accessing site2 and site three should be through http. When I try to access https://site2.com it displays the website of https://site1.com. How can I stop this. I either… >>> More
IIS6 Log time recording problems

as seen on Server Fault - Search for 'Server Fault'
On three separate occasions on two separate servers at nearly the same times, 6.9 hours seemingly went by without any data being written to the IIS logs, but, on closer inspection, it appears that it was all recorded all at once. Here's the facts as I know them: Windows Server 2003 R2 w/ IIS6 Logging… >>> More
IIS6 - 301 permanent redirect response accessing an asp.net web site

as seen on Stack Overflow - Search for 'Stack Overflow'
I've installed an ASP.NET 2.0 virtual directory application on the default web site in IIS6 (Windows 2003 computer) with a Visual Studio generated web deployment setup. Unfortunately, following a successfull installation, I'm unable to access our web site. I get a permanent redirect from IIS as shown… >>> More

Developer IT