No products

Shipping 0,00 €
Tax 0,00 €
Total 0,00 €

Prices are tax included

Cart Check out


Scan2Fix4Iis product

Scan2Fix4Iis product

Scan2Fix4Iis the microscope for the IIS logs on eCommerce web sites


A powerful capacity to rapidly detect defaults on Microsoft IIS frontends thanks to Scan2Fix4Iis, a configurable engine plugged to Sonar dashboard

More details

0,00 € tax incl.


  • analysis of Microsoft IIS logs
  • full scan or hour by hour
  • autonomous reporting via static Maven reports
  • reports via Sonar dashboard
  • seek by drill down : file or violation


Integration in development and production environments

  • Sonar provides a multi views dashboard :
    • continous integration (jenkins for ex)
    • source code + unit test (Sonar and Scan2Fix 4CSharp or 4Php or 4VB6 or 4Java)
    • production supervision (IIS logs Scan2Fix4Iis, Windows Stack trace Scan2Fix4Stt)
    • web site qualityaudit (Scan2Fix4Aspx)
  • Sonar Web Server is accessible for all technical actors (developers, project managers, Web integrators, production)
  • Generation of static Html reports : standalone and publishable


Quick and simple installation

  • during the command process, provide the sonar server hostname
  • install a java jre
  • install maven 2 or 3
  • install Sonar (any version)
  • copy the plugin (the dwnload link is provided during the commande process) in SONAR_HOME/extensions/plugins
  • restart the Sonar server
  • under admin / Profiles, activate all the rules in the profile "Default Iis Profile")
  • start a Iis scan and the violations appera in the Sonar dashboard)

Example of pom.xml file

<project xmlns="" xmlns:xsi="" xsi:schemaLocation="">

  • <modelVersion>4.0.0</modelVersion>
  • <groupId>com.qualitesys.wsqualitychecker</groupId>
  • <artifactId>tfs_MEL_2012_06_19_iis</artifactId>
  • <version>2012_06_19_01</version>
  • <name>tfs_MEL_2012_06_19_iis</name>
  • <properties>
    • <sonar.language>iis</sonar.language>
    • <!-- Logloadroot can be a local file or , connected through user and password -->
    • <sonar.logloadroot>path_to_log_root</sonar.logloadroot>
    • <sonar.logloaduser>myuseraccount</sonar.logloaduser>
    • <sonar.logloadpwd>myuseraccountpassword</sonar.logloadpwd>
    • <!-- File pattern to retreive a selection of files YY or YYYY  for year, MM for month, DD for current day, DC for yesterday -->
    • <sonar.logloadpatern>zzzYYMMDDnnnn.log.gz</sonar.logloadpatern>
    • <!-- Patern to be ignored in the filename -->
    • <sonar.logloadignorepatern>zz;kk</sonar.logloadignorepatern>
    • <!-- Logloadduration is daily or hourly -->
    • <sonar.logloadduration>daily</sonar.logloadduration>
    • <!-- Paterns on ip to ignore in the IIS files -->
    • <sonar.logloadignoreip>;</sonar.logloadignoreip>
    • <sonar.sendmailto>,</sonar.sendmailto>
    • <sonar.sendmailfrom></sonar.sendmailfrom>
  • </properties>


  • <pluginRepositories>
    • <pluginRepository>
      • <id>QualityChecker remote repository</id>
      • <url></url>
    • </pluginRepository>
  • </pluginRepositories>
  • <build>
    • <!-- COMPULSORY -->
    • <sourceDirectory>C:your_dir_to_source_code</sourceDirectory>
      • <plugins>
        • <plugin>
        • <groupId>com.qualitesys.maven.plugins</groupId>
        • <artifactId>qcr-maven-plugin</artifactId>
        • <executions>
          • <execution>
            • <id>PhaseCleanGoalqcrgoalclean</id>
              • <phase>clean</phase>
            • <goals>
              • <goal>qcrgoalclean</goal>
            • </goals>
          • </execution>
          • <executon>
            • <id>PhaseCompileGoalqcrgoalcompile</id>
            • <phase>compile</phase>
            • <goals>
              • <goal>qcrgoalcompile</goal>
            • </goals>
          • </execution>
        • </executions>
      • </plugin>
      • <plugin>
        • <groupId>org.apache.maven.plugins</groupId>
        • <artifactId>maven-site-plugin</artifactId>
        • <version>3.0-beta-3</version>
        • <configuration>
          • <reportPlugins>
            • <plugin>
              • <groupId>org.apache.maven.plugins</groupId
              • <artifactId>maven-project-info-reports-plugin</artifactId>
              • <version>2.2</version>
            • </plugin>
            • <plugin>
              • <groupId>com.qualitesys.maven.plugins</groupId>
              • <artifactId>qcr-maven-plugin</artifactId>
            • </plugin>
          • </reportPlugins>
        • </configuration>
      •  </plugin>
    • </plugins>
  • </build>



Example with Maven only

Nota : the plugin for Sonar is not required. Usage is limited to 5 days.

mvn clean compile site

Maven will generate the static Web site under target/site/index.html

Example with Maven and Sonar

Nota : the plugin for Sonar is not required. It is provided at the validation step of the command process or on explicit request (

mvn clean qcr:qcrgoallogload qcr:qcrgoalcompile qcr:qcrgoallogshrink qcr:qcrgoalcompile  sonar:sonar

Inventaire des violations

QC-IIS999999 BLOCKER Unknown ErrorCode
QC-IIS001002 BLOCKER HTTP Request : cs-uri-stem XSS dangerous request
QC-IIS001003 BLOCKER HTTP Request : cs-uri-query XSS dangerous request
QC-IIS001004 BLOCKER HTTP Request : cs-user-agent XSS dangerous request
QC-IIS001005 BLOCKER HTTP Request : cs-uri-query SQLInjection dangerous request
QC-IIS001026 BLOCKER HTTP Request : empty user-agent
QC-IIS001028 BLOCKER HTTP Request : cs-uri-stem is incorrect
QC-IIS001030 BLOCKER HTTP Request : cs-uri-query is suspicious
QC-IIS001037 BLOCKER HTTP Request : empty user-agent on .aspx cs-uri-stem
QC-IIS001055 BLOCKER HTTP Request : excessive requests from c-ip and uri-stem
QC-IIS001056 BLOCKER HTTP Request : excessive requests from c-ip
QC-IIS001057 BLOCKER HTTP Request : excessive requests from uri-stem
QC-IIS001058 BLOCKER HTTP Request : non UTF-8 request
QC-IIS001059 BLOCKER HTTP Request : excessive requests from uri-stem and http invalid status
QC-IIS001079 BLOCKER HTTP Request : excessive requests from c-ip-empty-user-agent
QC-IIS001092 BLOCKER vtiger php crm simulation attack
QC-IIS001006 MAJOR HTTP Request : cs-username is provided
QC-IIS001007 MAJOR HTTP Request : abnormal user-agent
QC-IIS001008 MAJOR HTTP Request : time-taken too long (>100ms)
QC-IIS001009 MAJOR HTTP Request : time-taken too too long (>200ms)
QC-IIS001010 MAJOR HTTP Request : time-taken excessively too long (>20s)
QC-IIS001011 MAJOR HTTP Request : sc-win32-status is provided
QC-IIS001012 MAJOR HTTP Request : sc-status>=500
QC-IIS001013 MAJOR HTTP Request : sc-win32-status = 64 The specified network name is no longer available
QC-IIS001014 MAJOR HTTP Request : sc-win32-status = d3221225581 = HC000006D User logon has incorrect user name
QC-IIS001015 MAJOR HTTP Request : sc-win32-status = d2148074248 = H80090308 LDAP authentication error
QC-IIS001016 MAJOR HTTP Request : sc-win32-status = 2 The system cannot find the file specified
QC-IIS001017 MAJOR HTTP Request : sc-win32-status = 995 The I/O operation has been aborted
QC-IIS001018 MAJOR HTTP Request : sc-win32-status = d3221226515 = HC0000413 Logon Failure: The machine you are logging onto is protected by an authentication firewall
QC-IIS001019 MAJOR HTTP Request : sc-win32-status = 5 or = d -2147024891= H80070005 Access is denied
QC-IIS001020 MAJOR HTTP Request : sc-win32-status = d2148074252 = H8009030C LDAP authentication error
QC-IIS001021 MAJOR HTTP Request : sc-win32-status = 3 The system cannot find the path specified
QC-IIS001022 MAJOR HTTP Request : sc-win32-status = 4 The system cannot open the file
QC-IIS001023 MAJOR HTTP Request : sc-win32-status = 1236 The network connection was aborted by the local system
QC-IIS001024 MAJOR HTTP Request : sc-win32-status = 121 The semaphore time-out period has expired
QC-IIS001025 MAJOR HTTP Request : sc-win32-status = 22 The device does not recognize the command
QC-IIS001048 MAJOR HTTP Request : sc-win32-status = 123 The file name, directory name, or volume label syntax is incorrect
QC-IIS001052 MAJOR HTTP Request : sc-status=500 and sc-method=GET
QC-IIS001053 MAJOR HTTP Request : sc-status=500 and sc-method=POST
QC-IIS001070 MAJOR HTTP Request : sc-status=500 and sc-method not GET or POST
QC-IIS001071 MAJOR HTTP Request : sc-status=400
QC-IIS001032 MINOR HTTP Request : 404 and empty user-agent
QC-IIS001078 MINOR HTTP Request : 404 and normal user-agent
QC-IIS001034 MINOR HTTP Request : tentative de scan malveillant libwww-perl
QC-IIS001001 INFO HTTP Request : cs-method other than POST or GET or HEAD
QC-IIS001027 INFO HTTP Request : cs-method is HEAD
QC-IIS999997 INFO LogEntry brut
QC-IIS999998 INFO Message d'erreur brut

  • Sonar compatibility Sonar 3.0 to 4.1.2
  • Maven compatibility maven 2&3

Informations After saving your customized product, remember to add it to your cart.


  • Name of the Sonar server*

* required fields