Microsoft just released a new IIS utility called URLSCAN which can block suspicious URL's from your IIS server. You can get it from: http://www.microsoft.com/downloads/release.asp?ReleaseID=32571 I just installed it on my OWA server (NT4 sp6a, EX5.5 sp4) and it seems to work fine. It is configured by an INI file which tells it what types of URL requests to block. Here is the log of it starting up and blocking one request: [Thu, Sep 13 2001 - 13:15:10] ---------- UrlScan.dll Initializing ---------- [Thu, Sep 13 2001 - 13:15:10] URLs will be normalized before analysis. [Thu, Sep 13 2001 - 13:15:10] URL normalization will be verified. [Thu, Sep 13 2001 - 13:15:10] URLs may contain OEM, international and UTF-8 characters. [Thu, Sep 13 2001 - 13:15:10] URLs must not contain any dot except for the file extension. [Thu, Sep 13 2001 - 13:15:10] Only the following verbs will be allowed (case sensitive): [Thu, Sep 13 2001 - 13:15:10] 'GET' [Thu, Sep 13 2001 - 13:15:10] 'HEAD' [Thu, Sep 13 2001 - 13:15:10] 'POST' [Thu, Sep 13 2001 - 13:15:10] Requests for following extensions will be rejected: [Thu, Sep 13 2001 - 13:15:10] '.exe' [Thu, Sep 13 2001 - 13:15:10] '.bat' [Thu, Sep 13 2001 - 13:15:10] '.cmd' [Thu, Sep 13 2001 - 13:15:10] '.com' [Thu, Sep 13 2001 - 13:15:10] '.htw' [Thu, Sep 13 2001 - 13:15:10] '.ida' [Thu, Sep 13 2001 - 13:15:10] '.idq' [Thu, Sep 13 2001 - 13:15:10] '.htr' [Thu, Sep 13 2001 - 13:15:10] '.idc' [Thu, Sep 13 2001 - 13:15:10] '.shtm' [Thu, Sep 13 2001 - 13:15:10] '.shtml' [Thu, Sep 13 2001 - 13:15:10] '.stm' [Thu, Sep 13 2001 - 13:15:10] '.printer' [Thu, Sep 13 2001 - 13:15:10] '.ini' [Thu, Sep 13 2001 - 13:15:10] '.log' [Thu, Sep 13 2001 - 13:15:10] '.pol' [Thu, Sep 13 2001 - 13:15:10] '.dat' [Thu, Sep 13 2001 - 13:15:10] Requests containing the following headers will be rejected: [Thu, Sep 13 2001 - 13:15:10] 'translate:' [Thu, Sep 13 2001 - 13:15:10] 'if:' [Thu, Sep 13 2001 - 13:15:10] 'lock-token:' [Thu, Sep 13 2001 - 13:15:10] Requests containing the following character sequences will be rejected: [Thu, Sep 13 2001 - 13:15:10] '..' [Thu, Sep 13 2001 - 13:15:10] './' [Thu, Sep 13 2001 - 13:15:10] '\' [Thu, Sep 13 2001 - 13:15:10] ':' [Thu, Sep 13 2001 - 13:15:10] '%' [Thu, Sep 13 2001 - 13:15:10] '&' [Thu, Sep 13 2001 - 13:37:00] Client at 192.168.1.1: Sent verb 'OPTIONS', which is not specifically allowed. Request will be rejected. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]