I found out today about AQTRONIX WebKnight, an open source alternative to Microsoft’s URLScan and I’m curious to see if anybody has used it and what were the results.

AQTRONIX WebKnight is an application firewall for IIS and other web servers and is released under the GNU General Public License.

More particularly it is an ISAPI filter that secures your web server by blocking certain requests. If an alert is triggered WebKnight will take over and protect the web server. It does this by scanning all requests and processing them based on filter rules, set by the administrator.

These rules are not based on a database of attack signatures that require regular updates. Instead WebKnight uses security filters as buffer overflow, SQL injection, directory traversal, character encoding and other attacks. This way WebKnight can protect your server against all known and unknown attacks.

Because WebKnight is an ISAPI filter it has the advantage of working closely with the web server, this way it can do more than other firewalls and intrusion detection systems, like scanning encrypted traffic.

My first thought was how does this product relates to URLScan and the FAQ entry states:

Is WebKnight meant to be a complete alternative to IISLockDown and URLScan?
It is meant as an alternative to URLScan, not IISLockDown, because this last one does things an ISAPI filter cannot do. As for URLScan, all of its functionality is implemented in WebKnight. I’ve seen WebKnight blocking malicious requests URLScan didn’t block.

As always, I invite you to download AQTRONIX WebKnight and give it a spin.

Share This

If you enjoyed this post, make sure you subscribe to my RSS feed!