HttpSentry is a free IIS Filter to detect hacker attacks. It prevents common security problems such as SQL injection, Directroy traversal and many more. it also supports URL rewrite and Server masking.

HttpSentry is also an effort to shift the burden of input validation and other security concerns off web application developers.

Traditional network firewalls cannot protect web applications. Port 80 is wide open and according to Gartner group, 75% of cyber attacks and internet security violations are generated through Internet Applications.

HttpSentry focuses on easy of use. The installation comes with only one dll and one configuration file. All the basic rules to fight common problems are already built in and can be easily disabled via the configuration file if necessary.

Following are detailed steps to install HttpSentry on XP.
· extract all files from the zip file to a local directory on the web server machine.
· open up config.ini in a text editor. take a look at all the rules. you don't have to change much at this point. change the log output file location if necessary.
· go to control panel->administrative tools->Internet Information Services.
· under you computer name (local computer), right click on "Web Sites", select Properties to bring up Web Site Properties window.
· select the ISAPI Filters tab. you should see several Filters already installed.
· click on "Add", give this Filter a name, click on Browse to point to the dll file you just extracted from the zip file in step 1.
· click OK. move the Filter you just installed to the top of the list. click OK.
· restart the World Wide Web Publishing service. you should see a log file generated at the specified location, which means the Filter is loaded by IIS and is monitoring your web traffic

Here are some key features of "httpsentry":

· A set of built in rules for detecting common invasion techniques such as Directory traversal, SQL injection, Shellcode attack, URL split, Serverside include attack, OS command execution, Buffer overflow and Code red attack.
· Ability to allow/disallow URL which contains certain meta characters. Most of the meta characters do not form legitimate input for web applications and are mostly used by hackers.
· Selective filters allow user to specify header locations, such as client IP, to filter on.
· Custom filters allow user to define any form of regular expression based rules.
· User can choose from three forms of actions on each individual rule. It could be deny of access, redirect to some other web page, or/and log the request to a file.
· URL rewrite manipulates URL base on regular expressions and allows user to redirect web pages.
· Server mask protects web server identity by changing the "Server" field in the response header.