

RequestFilteringSection Class [IIS 7 and higher]

Configures the scanning of incoming URL requests.

Syntax

class RequestFilteringSection : ConfigurationSectionWithCollection

Methods

The following table lists the methods exposed by the RequestFilteringSection class.

Name

Description

Add

(Inherited from ConfigurationSectionWithCollection.)

Clear

(Inherited from ConfigurationSectionWithCollection.)

Get

(Inherited from ConfigurationSectionWithCollection.)

GetAllowDefinition

(Inherited from ConfigurationSection.)

GetAllowLocation

(Inherited from ConfigurationSection.)

Remove

(Inherited from ConfigurationSectionWithCollection.)

RevertToParent

(Inherited from ConfigurationSection.)

SetAllowDefinition

(Inherited from ConfigurationSection.)

SetAllowLocation

(Inherited from ConfigurationSection.)

Properties

The following table lists the properties exposed by the RequestFilteringSection class.

Name

Description

AllowDoubleEscaping

A read/write boolean value. true if double escape characters are permitted in URLs; otherwise, false. The default is false.

AllowHighBitCharacters

A read/write boolean value. true if non-ASCII characters are permitted in URLs; otherwise, false. The default is true.

DenyUrlSequences

A UrlSequenceSettings value that contains URL sequences that can be used to attack a Web server and, therefore, will be denied.

FileExtensions

A read/write FileExtensionsSettings value that specifies file extensions that can be allowed or denied in a request.

HiddenSegments

A HiddenSegmentSettings value that specifies segments whose content will not be served to the client.

Note:
A segment is the part of a URL between two slashes or the part of the URL following the last slash. For example, the URL /segment1/segment2/segment3.asp has three segments: segment1, segment2, and segment3.asp.
Note:
The following segments are blocked by default: bin, App_code, App_GlobalResources, App_LocalResources, App_WebReferences, App_Data, and App_Browsers.

Location

(Inherited from ConfigurationSection.) A key property.

Path

(Inherited from ConfigurationSection.) A key property.

RequestLimits

A RequestLimitsElement value that specifies size limits on incoming HTTP requests.

SectionInformation

(Inherited from ConfigurationSection.)

Verbs

A read/write VerbsSettings value that specifies HTTP verbs to allow or deny.

Note:
Wildcards for HTTP verbs are not supported.

Subclasses

This class contains no subclasses.

Remarks

This class integrates into IIS 7 the functionality of the URLScan tool used by previous versions of IIS. 

Note

For the functionality in the RequestFilteringSection class to work, the Request Filtering Module (Modrqflt.dll) must be installed.

Example

The following example shows all of the properties for the request-filtering section in the ApplicationHost.config file.

' Connect to the WMI WebAdministration namespace.
Set objWMIService = GetObject("winmgmts:root\WebAdministration")

' Get the request-filtering section.
Set oRequestFilteringSection = objWMIService.Get( _
    "RequestFilteringSection.Path='MACHINE/WEBROOT/APPHOST',Location=''")

' Show the path.
WScript.Echo "[Request Filtering Path]"
WScript.Echo oRequestFilteringSection.Path_
WScript.Echo 

' Show the AllowDoubleEscaping property as "True" or "False."
WScript.Echo "[AllowDoubleEscaping]"
WScript.Echo CStr(oRequestFilteringSection.AllowDoubleEscaping)
WScript.Echo 

' Show the AllowHighBitCharacters property as "True" or "False."
WScript.Echo "[AllowHighBitCharacters]"
WScript.Echo CStr(oRequestFilteringSection.AllowHighBitCharacters)
WScript.Echo 

' List the denied URL sequences.
WScript.Echo "[Denied Url Sequences]"
For Each oSequence In _
    oRequestFilteringSection.DenyUrlSequences.DenyUrlSequences
    WScript.Echo oSequence.Sequence
Next
WScript.Echo 

' List the file extensions settings.
WScript.Echo "[File Extensions]"

' Show the AllowUnlisted property as "True" or "False."
WScript.Echo "Allow unlisted file extensions: " & _
    oRequestFilteringSection.FileExtensions.AllowUnlisted
WScript.Echo

' List each file extension and show whether it is allowed.
For Each oFileExtension In _
    oRequestFilteringSection.FileExtensions.FileExtensions
    WScript.Echo "File extension: " & oFileExtension.FileExtension
    WScript.Echo "File extension allowed: " & oFileExtension.Allowed
    WScript.Echo
Next
WScript.Echo 

' List the hidden segments.
WScript.Echo "[Hidden Segments]"
For Each oHiddenSegment In _
    oRequestFilteringSection.HiddenSegments.HiddenSegments
    WScript.Echo oHiddenSegment.Segment
Next
WScript.Echo 

' Show the request limits settings.
WScript.Echo "[Request Limits]"
WScript.Echo "maxAllowedContentLength: " & _
    oRequestFilteringSection.RequestLimits.maxAllowedContentLength
WScript.Echo "maxUrl: " & oRequestFilteringSection.RequestLimits.maxUrl
WScript.Echo "maxQueryString: " & oRequestFilteringSection.RequestLimits.maxQueryString
WScript.Echo 

' Show the header limits settings.
WScript.Echo vbtab & "[Header Limits]"
For Each oHeaderLimit In _
    oRequestFilteringSection.RequestLimits.HeaderLimits.HeaderLimits
    WScript.Echo vbtab & "Header: " & oHeaderLimit.Header
    WScript.Echo vbtab & "Header size limit: " & oHeaderLimit.SizeLimit
    WScript.Echo 
Next

' List the verbs settings.
WScript.Echo "[Verbs]"
WScript.Echo "Allow unlisted verbs: " & oRequestFilteringSection.Verbs.AllowUnlisted
WScript.Echo 

' List each verb and show whether it is allowed.
For Each oVerb In oRequestFilteringSection.Verbs.Verbs
    WScript.Echo "Verb: " & oVerb.Verb
    WScript.Echo "Verb allowed: " & oVerb.Allowed
    WScript.Echo
Next
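
The following added example is not part of the original reference page. It audits the XML form of the same section against the defaults documented above, using element and attribute names from the IIS requestFiltering schema rather than this WMI class; the sample fragment is constructed, and the case-insensitive segment comparison and the allowUnlisted default of true are assumptions not stated on this page.

```python
import xml.etree.ElementTree as ET

# Segments this page lists as blocked by default.
DEFAULT_HIDDEN = ["bin", "App_code", "App_GlobalResources", "App_LocalResources",
                  "App_WebReferences", "App_Data", "App_Browsers"]

# Constructed sample fragment, not taken from a real server.
SAMPLE = """\
<requestFiltering allowDoubleEscaping="true">
  <fileExtensions allowUnlisted="true">
    <add fileExtension=".config" allowed="false" />
  </fileExtensions>
  <verbs allowUnlisted="false">
    <add verb="GET" allowed="true" />
    <add verb="POST" allowed="true" />
  </verbs>
  <hiddenSegments>
    <add segment="bin" />
    <add segment="app_data" />
  </hiddenSegments>
</requestFiltering>
"""

def flag(element, name, default):
    """Read a boolean attribute; a missing element or attribute means the default."""
    value = None if element is None else element.get(name)
    return default if value is None else value.strip().lower() == "true"

def mode(section):
    """allowUnlisted="false" makes the list an allow-list; otherwise a deny-list."""
    # Assumption: allowUnlisted defaults to true when the attribute is absent.
    return "deny-list" if flag(section, "allowUnlisted", True) else "allow-list"

def audit(xml_text):
    """Summarise one <requestFiltering> fragment (only <add> entries are read)."""
    rf = ET.fromstring(xml_text)
    # Assumption: segment names are compared without regard to case.
    hidden = {e.get("segment", "").lower() for e in rf.findall("hiddenSegments/add")}
    return {
        "double_escaping_allowed": flag(rf, "allowDoubleEscaping", False),
        "high_bit_allowed": flag(rf, "allowHighBitCharacters", True),
        "missing_default_hidden_segments":
            [s for s in DEFAULT_HIDDEN if s.lower() not in hidden],
        "verbs_mode": mode(rf.find("verbs")),
        "file_extensions_mode": mode(rf.find("fileExtensions")),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

The audit reads a single fragment and does not resolve configuration inheritance between parent and child paths.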

Inheritance Hierarchy

ConfigurationSection

   ConfigurationSectionWithCollection

      RequestFilteringSection

Requirements

Type

Description

Client

Requires IIS 7 on Windows Vista.

Server

Requires IIS 7 on Windows Server 2008.

Product

IIS 7

MOF file

WebAdministration.mof

See Also

Reference

ConfigurationSectionWithCollection Class [IIS 7 and higher]

FileExtensionElement Class [IIS 7]

FileExtensionsSettings Class [IIS 7 and higher]

HeaderLimitsSettings Class [IIS 7 and higher]

HiddenSegmentSettings Class [IIS 7 and higher]

requestFiltering Element for security [IIS Settings Schema]

RequestLimitsElement Class [IIS 7 and higher]

UrlSequence Class [IIS 7 and higher]

UrlSequenceSettings Class [IIS 7 and higher]

VerbElement Class [IIS 7 and higher]

VerbsSettings Class [IIS 7 and higher]