RequestFilteringSection Class
Configures the scanning of incoming URL requests.
Syntax
class RequestFilteringSection : ConfigurationSectionWithCollection
Methods
The following table lists the methods exposed by the RequestFilteringSection class.
| Name | Description |
|---|---|
| Add | (Inherited from ConfigurationSectionWithCollection.) |
| Clear | (Inherited from ConfigurationSectionWithCollection.) |
| Get | (Inherited from ConfigurationSectionWithCollection.) |
| GetAllowDefinition | (Inherited from ConfigurationSection.) |
| GetAllowLocation | (Inherited from ConfigurationSection.) |
| Remove | (Inherited from ConfigurationSectionWithCollection.) |
| RevertToParent | (Inherited from ConfigurationSection.) |
| SetAllowDefinition | (Inherited from ConfigurationSection.) |
| SetAllowLocation | (Inherited from ConfigurationSection.) |
Properties
The following table lists the properties exposed by the RequestFilteringSection class.
| Name | Description |
|---|---|
AllowDoubleEscaping |
A read/write boolean value. true if double escape characters are permitted in URLs; otherwise, false. The default is false. |
AllowHighBitCharacters |
A read/write boolean value. true if non-ASCII characters are permitted in URLs; otherwise, false. The default is true. |
DenyUrlSequences |
A UrlSequenceSettings value that contains URL sequences that can be used to attack a Web server and, therefore, will be denied. |
FileExtensions |
A read/write FileExtensionsSettings value that specifies file extensions that can be allowed or denied in a request. |
HiddenSegments |
A HiddenSegmentSettings value that specifies segments whose content will not be served to the client. Note: A segment is the part of a URL between two slashes or the part of the URL following the last slash. For example, the URL /segment1/segment2/segment3.asp has three segments: segment1, segment2, and segment3.asp. Note: The following segments are blocked by default: bin, App_code, App_GlobalResources, App_LocalResources, App_WebReferences, App_Data, and App_Browsers. |
Location |
(Inherited from ConfigurationSection.) A key property. |
Path |
(Inherited from ConfigurationSection.) A key property. |
RequestLimits |
A RequestLimitsElement value that specifies size limits on incoming HTTP requests. |
SectionInformation |
(Inherited from ConfigurationSection.) |
Verbs |
A read/write VerbsSettings value that specifies HTTP verbs to allow or deny. Note: Wildcards for HTTP verbs are not supported. |
Subclasses
This class contains no subclasses.
Remarks
This class integrates into IIS 7 the functionality of the URLScan tool used by previous versions of IIS.
Note
For the functionality in the RequestFilteringSection class to work, the Request Filtering Module (Modrqflt.dll) must be installed.
Example
The following example shows all of the properties for the request-filtering section in the ApplicationHost.config file.
' Connect to the WMI WebAdministration namespace.
Set objWMIService = GetObject("winmgmts:root\WebAdministration")
' Get the request-filtering section.
Set oRequestFilteringSection = objWMIService.Get( _
"RequestFilteringSection.Path='MACHINE/WEBROOT/APPHOST',Location=''")
' Show the path.
WScript.Echo "[Request Filtering Path]"
WScript.Echo oRequestFilteringSection.Path_
WScript.Echo
' Show the AllowDoubleEscaping property as "True" or "False."
WScript.Echo "[AllowDoubleEscaping]"
WScript.Echo CStr(oRequestFilteringSection.AllowDoubleEscaping)
WScript.Echo
' Show the AllowHighBitCharacters property as "True" or "False."
WScript.Echo "[AllowHighBitCharacters]"
WScript.Echo CStr(oRequestFilteringSection.AllowHighBitCharacters)
WScript.Echo
' List the denied URL sequences.
WScript.Echo "[Denied Url Sequences]"
For Each oSequence In _
oRequestFilteringSection.DenyUrlSequences.DenyUrlSequences
WScript.Echo oSequence.Sequence
Next
WScript.Echo
' List the file extensions settings.
WScript.Echo "[File Extensions]"
' Show the AllowUnlisted property as "True" or "False."
WScript.Echo "Allow unlisted file extensions: " & _
oRequestFilteringSection.FileExtensions.AllowUnlisted
WScript.Echo
' List each file extension and show whether it is allowed.
For Each oFileExtension In _
oRequestFilteringSection.FileExtensions.FileExtensions
WScript.Echo "File extension: " & oFileExtension.FileExtension
WScript.Echo "File extension allowed: " & oFileExtension.Allowed
WScript.Echo
Next
WScript.Echo
' List the hidden segments.
WScript.Echo "[Hidden Segments]"
For Each oHiddenSegment In _
oRequestFilteringSection.HiddenSegments.HiddenSegments
WScript.Echo oHiddenSegment.Segment
Next
WScript.Echo
' Show the request limits settings.
WScript.Echo "[Request Limits]"
WScript.Echo "maxAllowedContentLength: " & _
oRequestFilteringSection.RequestLimits.maxAllowedContentLength
WScript.Echo "maxUrl: " & oRequestFilteringSection.RequestLimits.maxUrl
WScript.Echo "maxQueryString: " & oRequestFilteringSection.RequestLimits.maxQueryString
WScript.Echo
' Show the header limits settings.
WScript.Echo vbtab & "[Header Limits]"
For Each oHeaderLimit In _
oRequestFilteringSection.RequestLimits.HeaderLimits.HeaderLimits
WScript.Echo vbtab & "Header: " & oHeaderLimit.Header
WScript.Echo vbtab & "Header size limit: " & oHeaderLimit.SizeLimit
WScript.Echo
Next
' List the verbs settings.
WScript.Echo "[Verbs]"
WScript.Echo "Allow unlisted verbs: " & oRequestFilteringSection.Verbs.AllowUnlisted
WScript.Echo
' List each verb and show whether it is allowed.
For Each oVerb In oRequestFilteringSection.Verbs.Verbs
WScript.Echo "Verb: " & oVerb.Verb
WScript.Echo "Verb allowed: " & oVerb.Allowed
WScript.Echo
Next
Inheritance Hierarchy
ConfigurationSectionWithCollection
RequestFilteringSection
Requirements
| Type | Description |
|---|---|
| Client | - IIS 7.0 on Windows Vista - IIS 7.5 on Windows 7 - IIS 8.0 on Windows 8 - IIS 10.0 on Windows 10 |
| Server | - IIS 7.0 on Windows Server 2008 - IIS 7.5 on Windows Server 2008 R2 - IIS 8.0 on Windows Server 2012 - IIS 8.5 on Windows Server 2012 R2 - IIS 10.0 on Windows Server 2016 |
| Product | - IIS 7.0, IIS 7.5, IIS 8.0, IIS 8.5, IIS 10.0 |
| MOF file | WebAdministration.mof |
See Also
ConfigurationSectionWithCollection Class
FileExtensionElement Class
FileExtensionsSettings Class
HeaderLimitsSettings Class
HiddenSegmentSettings Class
<requestFiltering>
RequestLimitsElement Class
UrlSequence Class
UrlSequenceSettings Class
VerbElement Class
VerbsSettings Class
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for