Hello. I have specified a RejectResponseUrl in URLScan (latest version) with UseFastPathReject=0, and I know URLScan is working when I test it, but instead of going to the specified RejectResponseUrl I'm getting the standard IIS403 Fobidden page. I can't figure out why. This is problematic for my security scans because it echoes the dirty URL. Any ideas? By the way, there is nothing funky going on with my web.config or how my IIS errors are set up for this site, everything is default. This is on IIS 7.5 Win2008. Thanks.
↧