Installation and filters OK but nothing happens

May 4, 2010 at 5:32 PM

Hello. I use Ionic ISAPI Rewriting Filter (IIRF) 2.0.1.15 RELEASE, on a W2K server with IIS 5.0.

The installation process was OK, I can access the iirfStatus page, the .ini files are successfully loaded, and up-to-date.

Here they are:

The IIRF.ini of my website:

#  ISAPI Security filter for my Application
#
 
RewriteEngine ON
 
RewriteLog  c:\tmp\ccollin\iir\iirf
RewriteLogLevel 5
StatusUrl /iirfStatus RemoteOk

#This rule is for test
RewriteRule ^.*$ /digi/error.asp [I,L]

#This rule blocks all <script> tags (either normal or URL-encoded), ignoring case ([I] modifier)
RewriteRule (.*)(<|%3c)(script|%73%63%72%69%70%74)(>|%3e)(.*) /digi/error.asp [I,L]

#This rule avoids nulls, used for example to avoid detection of tags, for example: javas%00cript:
#Note: Here the [L] modifier is omitted to allow multiple replacements (if placed it would only remove the first null found)
RewriteRule (.*)%00(.*) $1$2 [I]

#Same as the first one, this time with the "eval(" javascript function start.
RewriteRule (.*)eval(\(|%28)(.*) /digi/error.asp [I,L]

The IirfGlobal.ini :

RewriteFilterPriority HIGH

 

When I call http://mymachine:83/iirfStatus, it displays the iirf status page and it's logged.

When I call http://mymachine:83/digi/security/toto.asp, nothing is logged and the page /digi/error.asp is not displayed.

 

Does anyone have an idea?
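
An offline check of the patterns in the IIRF.ini above, added here as an example and not part of the original post or of IIRF. It assumes Python's `re` behaves like IIRF's regex engine for these patterns; the function names and sample URLs are constructed for illustration, and only pattern matching and the `$1$2` replacement are modelled.

```python
import re

# Patterns copied from the IIRF.ini in the post. Every rule there carries [I],
# so each is compiled case-insensitively. Python's re stands in for IIRF's
# regex engine (assumption); IIRF's rule iteration is not modelled.
FLAGS = re.IGNORECASE
CATCH_ALL = re.compile(r"^.*$", FLAGS)  # the "for test" rule
SCRIPT = re.compile(r"(.*)(<|%3c)(script|%73%63%72%69%70%74)(>|%3e)(.*)", FLAGS)
NULL = re.compile(r"(.*)%00(.*)", FLAGS)
EVAL = re.compile(r"(.*)eval(\(|%28)(.*)", FLAGS)


def strip_nulls(url, limit=8):
    """Apply the null rule's $1$2 replacement until it stops matching.

    The greedy first group means each application removes one %00 (the last
    one). limit is a hypothetical safety cap, not an IIRF setting.
    """
    passes = 0
    match = NULL.search(url)
    while match and passes < limit:
        url = match.expand(r"\1\2")
        passes += 1
        match = NULL.search(url)
    return url, passes


def first_block(url, with_test_rule=False):
    """Return the name of the first [L] rule, in file order, matching url."""
    rules = [("script", SCRIPT), ("eval", EVAL)]
    if with_test_rule:
        rules.insert(0, ("test", CATCH_ALL))
    for name, pattern in rules:
        if pattern.search(url):
            return name
    return None


# Constructed sample URLs (not taken from any real log).
SAMPLES = [
    "/digi/security/toto.asp",                    # plain request
    "/digi/page.asp?q=%3Cscript%3E",              # upper-case hex, caught via [I]
    "/digi/page.asp?q=%3c%73%63%72%69%70%74%3e",  # fully encoded tag
    "/digi/page.asp?q=%3cscr%00ipt%3e%00",        # nulls inside and after the tag
    "/digi/page.asp?fn=retrieval(1)",             # benign, yet contains "eval("
]

if __name__ == "__main__":
    for sample in SAMPLES:
        cleaned, passes = strip_nulls(sample)
        print(f"{sample!r}: nulls removed={passes}, rule={first_block(cleaned)}")
```

With `with_test_rule=True` every sample returns `test`, because the catch-all rule comes first and carries [L]; the last sample shows the `eval(` rule also firing on an ordinary word.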

 

Coordinator
May 5, 2010 at 12:48 AM
Edited May 5, 2010 at 12:52 AM

You didn't say what response your request is getting.

If there's nothing in the IIRF log, then there's nothing arriving at IIRF.
It's possible something else is grabbing the request and rejecting it, preventing it from arriving at IIRF.

URLScan is one such possibility.

The other thing that occurs to me - IIRF works on a per-vdir basis.
If you send a request that maps to the vdir /digi/security, then you need an IIRF.ini in the physical directory corresponding to that vdir.

May 5, 2010 at 8:25 AM

Thank you for the response!

When I call http://mymachine:83/digi/security/toto.asp, nothing is logged in IIRF and the page /digi/security/toto.asp is displayed (expected: /digi/error.asp).

So the request is probably not rejected as you suggested, but it seems that the ISAPI IIR filter is not reached as you wrote.

URLScan is installed on the IIS I work with, so I'm going to perform tests without it and let you know the results.

May 5, 2010 at 10:07 AM

OK, it's resolved. It was not about URLScan.

The solution was in your third suggestion:


The other thing that occurs to me - IIRF works on a per-vdir basis.
If you send a request that maps to the vdir /digi/security, then you need an IIRF.ini in the physical directory corresponding to that vdir.


I added the IIRF.ini into the physical directory, and now it works.

Thanks!