I've installed URLScan on my Webserver which is sitting behind my ISA server. Reason, I need to use Server publishing so I can get detailed visitor information logged to my web logs. I'm using URLScan to block invalid requests to the webserver (EX: CodeRed infected machines trying to infect published webserver) URLScan is doing the job wonderfully but I need it to block incoming requests for www.worm.com . I thought I could just add this to the urlscan.ini file as a DenyURLSequences, however It doesn't seem to work. I've looked through all the documentation that I can find so now I'm coming to you all. Does anyone know the correct way of modifying the urlscan.ini so it will block www.worm.com Thanks, Greg