© byron jones
unfortunately i no longer have the time or resources to provide any support or updates to http_filter.
a while back, i had to set up iis's web access for email (owa). now, i think iis has more holes that swiss cheese, so i wrote a simple http tunnel script in perl which allows you to filter requests.
i've added to it, so it call also multiplex multiple web servers on the port 80 (owa 2000 must run on port 80).
it works like
internet --> ( *nix firewall ) ( http_filter:80 ) --> iis_box_1:80 --> iis_box_2:80 --> apache_box:80
it looks at the host: header and creates a tunnel to the appropriate web server in the dmz.
it's now a two second job for me to "patch" my iis servers when a problem is announced .. i schedule patches at the next reboot rather than schedule reboots to apply patches :)
i've been running it for several years without issue. i think this may be useful to other sysadmins, so here it is.
if you want to run http_filter on your iis box directly, you probably don't want to run http_filter :) run a tool microsoft released a while after http_filter called URLscan : http://www.microsoft.com/technet/security/tools/URLscan.asp
if you don't need multiplexing (if you only have a single server to protect), you may want to look at hogwash hogwash is a packet layer firewall which drops packet based on inspection and signatures. this means that the packets (and therefore your log files) aren't affected.
you'll be needing perl.
http_filter.tar.gz version 1.4.6
http_filter is distributed under the artistic license.