Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All
Expand Minimize

RequestFilteringSection Class [IIS 7 and higher]

IIS 7.0

Configures the scanning of incoming URL requests.

class RequestFilteringSection : ConfigurationSectionWithCollection

The following table lists the methods exposed by the RequestFilteringSection class.

Name

Description

Add

(Inherited from ConfigurationSectionWithCollection.)

Clear

(Inherited from ConfigurationSectionWithCollection.)

Get

(Inherited from ConfigurationSectionWithCollection.)

GetAllowDefinition

(Inherited from ConfigurationSection.)

GetAllowLocation

(Inherited from ConfigurationSection.)

Remove

(Inherited from ConfigurationSectionWithCollection.)

RevertToParent

(Inherited from ConfigurationSection.)

SetAllowDefinition

(Inherited from ConfigurationSection.)

SetAllowLocation

(Inherited from ConfigurationSection.)

The following table lists the properties exposed by the RequestFilteringSection class.

Name

Description

AllowDoubleEscaping

A read/write boolean value. true if double escape characters are permitted in URLs; otherwise, false. The default is false.

AllowHighBitCharacters

A read/write boolean value. true if non-ASCII characters are permitted in URLs; otherwise, false. The default is true.

DenyUrlSequences

A UrlSequenceSettings value that contains URL sequences that can be used to attack a Web server and, therefore, will be denied.

FileExtensions

A read/write FileExtensionsSettings value that specifies file extensions that can be allowed or denied in a request.

HiddenSegments

A HiddenSegmentSettings value that specifies segments whose content will not be served to the client.

NoteNote:
A segment is the part of a URL between two slashes or the part of the URL following the last slash. For example, the URL /segment1/segment2/segment3.asp has three segments: segment1, segment2, and segment3.asp.
NoteNote:
The following segments are blocked by default: bin, App_code, App_GlobalResources, App_LocalResources, App_WebReferences, App_Data, and App_Browsers.

Location

(Inherited from ConfigurationSection.) A key property.

Path

(Inherited from ConfigurationSection.) A key property.

RequestLimits

A RequestLimitsElement value that specifies size limits on incoming HTTP requests.

SectionInformation

(Inherited from ConfigurationSection.)

Verbs

A read/write VerbsSettings value that specifies HTTP verbs to allow or deny.

NoteNote:
Wildcards for HTTP verbs are not supported.

This class contains no subclasses.

This class integrates into IIS 7 the functionality of the URLScan tool used by previous versions of IIS. 

NoteNote:

For the functionality in the RequestFilteringSection class to work, the Request Filtering Module (Modrqflt.dll) must be installed.

The following example shows all of the properties for the request-filtering section in the ApplicationHost.config file.

' Connect to the WMI WebAdministration namespace.
Set objWMIService = GetObject("winmgmts:root\WebAdministration")

' Get the request-filtering section.
Set oRequestFilteringSection = objWMIService.Get( _
"RequestFilteringSection.Path='MACHINE/WEBROOT/APPHOST',Location=''")

' Show the path.
WScript.Echo "[Request Filtering Path]"
WScript.Echo oRequestFilteringSection.Path_
WScript.Echo 

' Show the AllowDoubleEscaping property as "True" or "False."
WScript.Echo "[AllowDoubleEscaping]"
WScript.Echo CStr(oRequestFilteringSection.AllowDoubleEscaping)
WScript.Echo 

' Show the AllowHighBitCharacters property as "True" or "False."
WScript.Echo "[AllowHighBitCharacters]"
WScript.Echo CStr(oRequestFilteringSection.AllowHighBitCharacters)
WScript.Echo 

' List the denied URL sequences.
WScript.Echo "[Denied Url Sequences]"
For Each oSequence In _
    oRequestFilteringSection.DenyUrlSequences.DenyUrlSequences
    WScript.Echo oSequence.Sequence
Next
WScript.Echo 

' List the file extensions settings.
WScript.Echo "[File Extensions]"

' Show the AllowUnlisted property as "True" or "False."
WScript.Echo "Allow unlisted file extensions: " & _
    oRequestFilteringSection.FileExtensions.AllowUnlisted
WScript.Echo

' List each file extension and show whether it is allowed.
For Each oFileExtension In _
    oRequestFilteringSection.FileExtensions.FileExtensions
    WScript.Echo "File extension: " & oFileExtension.FileExtension
    WScript.Echo "File extension allowed: " & oFileExtension.Allowed
    WScript.Echo
Next
WScript.Echo 

' List the hidden segments.
WScript.Echo "[Hidden Segments]"
For Each oHiddenSegment In _
    oRequestFilteringSection.HiddenSegments.HiddenSegments
    WScript.Echo oHiddenSegment.Segment
Next
WScript.Echo 

' Show the request limits settings.
WScript.Echo "[Request Limits]"
WScript.Echo "maxAllowedContentLength: " & _
oRequestFilteringSection.RequestLimits.maxAllowedContentLength
WScript.Echo "maxUrl: " & oRequestFilteringSection.RequestLimits.maxUrl
WScript.Echo "maxQueryString: " & oRequestFilteringSection.RequestLimits.maxQueryString
WScript.Echo 

' Show the header limits settings.
WScript.Echo vbtab & "[Header Limits]"
For Each oHeaderLimit In _
    oRequestFilteringSection.RequestLimits.HeaderLimits.HeaderLimits
    WScript.Echo vbtab & "Header: " & oHeaderLimit.Header
    WScript.Echo vbtab & "Header size limit: " & oHeaderLimit.SizeLimit
    WScript.Echo 
Next

' List the verbs settings.
WScript.Echo "[Verbs]"
WScript.Echo "Allow unlisted verbs: " & oRequestFilteringSection.Verbs.AllowUnlisted
WScript.Echo 

' List each verb and show whether it is allowed.
For Each oVerb In oRequestFilteringSection.Verbs.Verbs
    WScript.Echo "Verb: " & oVerb.Verb
    WScript.Echo "Verb allowed: " & oVerb.Allowed
    WScript.Echo
Next

Type

Description

Client

Requires IIS 7 on Windows Vista.

Server

Requires IIS 7 on Windows Server 2008.

Product

IIS 7

MOF file

WebAdministration.mof

Community Additions

ADD
Show:
© 2015 Microsoft