
I want to block user-agents with UrlScan on IIS 6. However, I am not able to specify a user-agent with a semicolon in the string. I think this is a very common scenario, but I can't find any answer on how to escape a semicolon in UrlScan.ini (where semicolons are used for commenting). This is the rule:

RuleList=DenyUserAgent
[DenyUserAgent]
DenyDataSection=AgentStrings
ScanHeaders=User-Agent
[AgentStrings]
Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2

I tested it and it blocks all the user-agents that start with "Mozilla/5.0 (Windows NT 5.1" because it considers the rest of the string as a comment.

Jonathan Leffler
Durden81
  • I looked at this article: http://en.wikipedia.org/wiki/INI_file#Escape_characters and I tried replacing the semicolon with: \;, \x003B, ;; and also I tried surrounding the whole string with " and with '. Nothing works. I don't know of any other way to escape a semicolon. Please help! – Durden81 Aug 07 '12 at 17:45

1 Answer


It seems like you would need to URL escape it, i.e. %3B

See http://learn.iis.net/page.aspx/476/common-urlscan-scenarios/ for examples; one such example they have is blocking semicolon in the querystring to block a SQL injection attack.
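
An added example, not part of the original question or answer: a small Python audit that finds deny-string entries in a UrlScan.ini which the `;` comment marker would cut short, and prints both the string that is effectively matched and the `%3B` form the answer proposes. It is a model of the truncation described in the question, not UrlScan's own parser; the function names and the `BadBot/1.0` entry are constructed for illustration, and the script cannot tell an intended trailing comment from a literal semicolon, so it reports every such entry for review.

```python
import re

# Constructed sample: the rule from the question plus one made-up entry (BadBot/1.0).
SAMPLE_INI = """\
RuleList=DenyUserAgent
[DenyUserAgent]
DenyDataSection=AgentStrings
ScanHeaders=User-Agent
[AgentStrings]
Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2
BadBot/1.0
"""

def parse_sections(text):
    """Split INI text into {section name: [raw lines]}, keeping comment text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def audit_deny_strings(text):
    """Report deny-string entries that a ';' comment marker would truncate."""
    sections = parse_sections(text)
    findings = []
    for lines in sections.values():
        for line in lines:
            key, _, value = line.partition("=")
            if key.strip().lower() != "denydatasection":
                continue
            target = value.split(";", 1)[0].strip()  # drop any comment on the key line
            for entry in sections.get(target, []):
                if ";" in entry and not entry.startswith(";"):
                    findings.append({
                        "section": target,
                        "effective": entry.split(";", 1)[0].rstrip(),
                        "escaped": entry.replace(";", "%3B"),
                    })
    return findings

if __name__ == "__main__":
    for f in audit_deny_strings(SAMPLE_INI):
        print(f"[{f['section']}] matches as: {f['effective']!r}")
        print(f"  if the ';' is meant literally, write: {f['escaped']}")
```

After changing an entry, test the rule with both the exact user-agent and a near miss (for example a different `rv:` value) to confirm the rule is no longer matching on the truncated prefix.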