Protect from SQL Injection in IIS
To create a global filtering rule for SQL Injection: Open the applicationhost.config file in the following path: %systemroot%\system32\inetsrv\config\applicationhost.config Search the applicationhost.config file for “<requestFiltering>” (without the quotes.) Immediately under the <requestFiltering> tag, paste the following settings: <filteringRules> <filteringRule name=”SQLInjection” scanQueryString=”true”> …