If I use UrlScan to block common SQL Injection attempts on asp- and aspx-files, I would do something like this:
[SQLInjection]
AppliesTo=.asp,.aspx
DenyDataSection=SQLInjectionStrings
ScanURL=0
ScanAllRaw=0
ScanQueryString=1
ScanHeaders=
[SQLInjectionStrings]
--
alter
delete
(...)
That would catch
/default.asp?EVILACTION=DELETEDROPSLASHANDBURN
/default.aspx?EVILACTION=DELETEDROPSLASHANDBURN
But NOT
/?EVILACTION=DELETEDROPSLASHANDBURN
How can I make a UrlScan section apply to extensionless URLs too?
I tried ".", leaving it blank, etc. - no luck.
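
The gap described above can be checked for in request logs. This is an added example, not part of the original post and not UrlScan's own code. It models the rule as the question describes it (case-insensitive substring match on the query string, applied only when the path's extension is listed in AppliesTo). The function names and sample list are assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Rule values copied from the question; the elided "(...)" entries are left out.
APPLIES_TO = {".asp", ".aspx"}
DENY_STRINGS = ["--", "alter", "delete"]

# Constructed sample: the three request targets from the question plus a benign one.
SAMPLE_REQUESTS = [
    "/default.asp?EVILACTION=DELETEDROPSLASHANDBURN",
    "/default.aspx?EVILACTION=DELETEDROPSLASHANDBURN",
    "/?EVILACTION=DELETEDROPSLASHANDBURN",
    "/default.aspx?page=2",
]


def extension(path):
    """Extension of the last path segment, lower-cased ('' when there is none)."""
    last_segment = path.rsplit("/", 1)[-1]
    return posixpath.splitext(last_segment)[1].lower()


def deny_hits(query):
    """Deny strings found in the raw query string (assumed: no decoding)."""
    lowered = query.lower()
    return [s for s in DENY_STRINGS if s in lowered]


def classify(target):
    """'clean', 'blocked' (rule applies) or 'missed' (deny string, rule skipped)."""
    parts = urlsplit(target)
    if not deny_hits(parts.query):
        return "clean"
    if extension(parts.path) in APPLIES_TO:
        return "blocked"
    return "missed"


def coverage_gaps(targets):
    """Request targets that carry a deny string but fall outside AppliesTo."""
    return [t for t in targets if classify(t) == "missed"]


if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(f"{classify(target):8} {target}")
```

Feeding the request-target column of an IIS log to `coverage_gaps` lists the extensionless requests that this rule section never inspected.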