From looking at IAG, it appears that the only verbs used are: PROPFIND, OPTIONS, HEAD, POST, GET From what I remember of SharePoint publishing in the past, it is recommended to ensure that 'Verify Normalization' and 'Block High Bit Chars' are DISABLED. So, at the most basic level, I could use the following HTTP filter XML: <Configuration BlockExecutables="false" ViaHeaderAction="0" NewViaHeaderValue="" ServerHeaderAction="0" NewServerHeaderValue="" MaxRequestBodyLen="-1"><UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false" AllowHighBitCharacters="true" BlockDotInPath="false" MaxLength="10240" MaxQueryLength="10240"><Extensions AllowCondition="0"></Extensions></UrlValidation><Verbs AllowCondition="1">tion=""/><Verb Value="PROPFIND" Description=""/><Verb Value="OPTIONS" Description=""/><Verb Value="HEAD" Description=""/><Verb Value="POST" Description=""/><Verb Value="GET" Description=""/></Verbs><RequestHeaders/><ResponseHeaders/><DeniedSignatures></DeniedSignatures></Configuration> If I add the forbid characters from IAG, we then have something like this: <Configuration BlockExecutables="false" ViaHeaderAction="0" NewViaHeaderValue="" ServerHeaderAction="0" NewServerHeaderValue="" MaxRequestBodyLen="-1"><UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false" AllowHighBitCharacters="true" BlockDotInPath="false" MaxLength="10240" MaxQueryLength="10240"><Extensions AllowCondition="0"></Extensions></UrlValidation><Verbs AllowCondition="1">tion=""/><Verb Value="PROPFIND" Description=""/><Verb Value="OPTIONS" Description=""/><Verb Value="HEAD" Description=""/><Verb Value="POST" Description=""/><Verb Value="GET" Description=""/></Verbs><RequestHeaders/><ResponseHeaders/><DeniedSignatures><Signature Name="\\" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[\\]" FormatIsText="true" Enabled="true"/><Signature Name=":" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[:]" FormatIsText="true" Enabled="true"/><Signature Name="*" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[*]" FormatIsText="true" Enabled="true"/><Signature Name="?" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[?]" FormatIsText="true" Enabled="true"/><Signature Name="""" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[""]" FormatIsText="true" Enabled="true"/><Signature Name="<" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[<]" FormatIsText="true" Enabled="true"/><Signature Name=">" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[>]" FormatIsText="true" Enabled="true"/><Signature Name="|" Description="" SearchInType="0" SearchInHeader="" From="1" To="100" Pattern="[|]" FormatIsText="true" Enabled="true"/></DeniedSignatures></Configuration> Is this about as good as we are going to get? I am also looking for the same filters for Exchange 2007, but I guess that is another painful discussion with the Exchange product team :( I can get some pretty similar stuff by reverse engineering the IAG settings again, but official MS guidance would be nicer (MS produced this for Exchange 2003 which was very handy). Cheers JJ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: 07 April 2008 08:12 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: HTTP Filtering for SharePoint Sorry - ben playing in Haifa, Jerusalem, Bethlehem, Eilat, etc. for the past two weeks. I'll follow up on this after I return to rainy-land... ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones [Jason.Jones@xxxxxxxxxxxxxxxxx] Sent: Wednesday, April 02, 2008 4:20 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: HTTP Filtering for SharePoint Any update on HTTP filter settings "collaboration" from the SharePoint guys? :) Jason Jones | Security | Silversands Limited | Desk: +44 (0)1202 360489 | Mobile: +44 (0)7971 500312 | Email/MSN: jason.jones@xxxxxxxxxxxxxxxxx From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: 04 March 2008 14:54 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: HTTP Filtering for SharePoint I've asked the SP team for their input. They've been really good about collaboration in the past... From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Tuesday, March 04, 2008 6:30 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] HTTP Filtering for SharePoint Hi, Anyone ever manage to get these nailed down? I have seen MS recommendations for Exchange 2003, but never seen SharePoint discussed. I am guessing it is pretty hard to do as SharePoint is so dynamic and can include various web parts. Something you filter today, may be needed tomorrow etc. At this point, most of our deployments go out with the default HTTP filter settings, but just wondering if this needs to be reviewed... Thoughts? Cheers JJ ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. If you have received this email in error, or if you believe this email is unsolicited and wish to be removed from any future mailings, please contact our Support Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx If this email contains a quotation then unless otherwise stated it is valid for 7 days and offered subject to Silversands Professional Services Terms and Conditions, a copy of which is available on request. Any pricing information, design information or information concerning specific Silversands' staff contained in this email is considered confidential or of commercial interest and exempt from the Freedom of Information Act 2000. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. Company Registration Number : 2141393. ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. If you have received this email in error, or if you believe this email is unsolicited and wish to be removed from any future mailings, please contact our Support Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx If this email contains a quotation then unless otherwise stated it is valid for 7 days and offered subject to Silversands Professional Services Terms and Conditions, a copy of which is available on request. Any pricing information, design information or information concerning specific Silversands' staff contained in this email is considered confidential or of commercial interest and exempt from the Freedom of Information Act 2000. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. Company Registration Number : 2141393. ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. If you have received this email in error, or if you believe this email is unsolicited and wish to be removed from any future mailings, please contact our Support Desk immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx If this email contains a quotation then unless otherwise stated it is valid for 7 days and offered subject to Silversands Professional Services Terms and Conditions, a copy of which is available on request. Any pricing information, design information or information concerning specific Silversands' staff contained in this email is considered confidential or of commercial interest and exempt from the Freedom of Information Act 2000. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX. Company Registration Number : 2141393.