WebKnight 3.0 (2013.04.04)
-------------
- FIX: Allow renaming WebKnight.dll to something else, now correct module path is used
- FEAT: per process owner settings possible like WebKnight.yoursite.xml (only IIS 7 and later)
- FEAT: Added ISAPI Extension for POST data filtering in IIS 6 and later  (IIS 6: manual installation required, IIS 7 done during setup)
- removed usage of old MFC ISAPI library <afxisapi.h>
- FEAT: Deny Special Whitespace rule added
- FEAT: User-Agent - Deny High Bit Shellcode
- FEAT: Block too many different User-Agent headers from an IP address in a certain time period
- Set Max HTTP version length to 15 instead of 22
- FEAT: Added Excluded Host Headers to exclude certain web sites from being scanned (for TMG published site)
- FEAT: /WebKnight/ admin page (for localhost only)
	- Added alert statistics
	- Added default.asp for editing XML configuration files
	- Added reference to XSLT (GUI.xsl) in settings
	- Settings parsing attribute separator(" or ') now equals separator that started value like in XMLConfig
- FIX: Deny Information Disclosure was always enabled (new in 2.5)
- Installer
	- added prerequisite for ISAPI Filters/Extensions in IIS 7 and later
	- also install 32-bit version for 32-bit applications on 64-bit IIS
- FEAT: Log file name format can be changed in settings
- Added some more SQL injection keywords
- Added URL denied sequences: // and /./

WebKnight 2.5 (2012.11.18)
-------------
- FEAT: Added excluded urls/querystrings like UrlScan's AlwaysAllowedUrls and AlwaysAllowedQueryStrings
- FEAT: Regular expression filtering for URL, querystring, headers, postdata
- FEAT: Added Response Monitor section in settings
	- PCI compliance: credit card number leakage detection
	- Blacklist IP if a certain amount of client or server errors occur
- FEAT: Block slow header/post attacks
- Added new WebSocket headers (RFC 6455) and blocked by default
- FIX: Incident response handling - block IP wasn't working in 2.4
- FIX: Parsing certain IP addresses generated stack corruption
- FIX: Windows 2000 syslog incompatibility
- uses now last X-Forwarded-For as the client IP address if multiple headers are present
- Improved ISA/TMG support
	- Added IsInstalledInWebProxy compatibility setting in global filter capabilities to register for OnReadRawData
	- No longer registering for OnUrlMap event notification
	- ForeFront TMG 2010 incident response handling incompatibility (no longer using MFC CHttpFilterContext)
	- filter now flags the SF_NOTIFY_FLAG_LARGE_SIZE_AWARE for Forefront TMG >4GB limitation
- FEAT: dynamic robots.txt for cloaking
- FIX: OnSendRawData gives error on IIS 7 when downloading files larger than 256MB
	-> disable event notification when all settings in response monitor are unchecked
- on startup now ISAPI version of IIS/ISA/TMG and process info is logged
- FIX: minor bug in logging 2 entries if logging allowed + already flushed (monitored IP)
- FEAT: Added url list to protect from being hotlinked. This blocks CSRF on those urls.
- Added additional Javascript events for XSS detection + prevent style tag injection
- Added new robots type: Translation

WebKnight 2.4 (2010.12.29)
-------------
- Added Syslog
- Updated LogAnalysis
	- bugfixes + sort column now possible
- Major BUGFIX: URL decode should ignore % sign if not followed by valid hex (could be used to bypass scanning)
- Added Deny Multiple Colons (':') in path for requests like /file/http://test
- Installer
	- BUGFIX: no longer required to have access to inetsrv\config folder
	- Set NTFS permissions for current user/NETWORK SERVICE/IIS_IUSRS on WebKnight folder
	- restart IIS during setup
- Applications compatibility
	- WinRM + by default denied access to /powershell
- Changed BlockIP to blacklist: now able to specify the number of alerts in a certain time span before blocking an IP address

WebKnight 2.3 (2010.04.03)
-------------
- Logging
	- Per process logging no longer in subfolder but processid is in the filename
	- Added per process owner logging for IIS 7.5 and multiple application pools
	- Added error message logging (Error.log) if access to log file is denied
- Added ClientIPVariable for support of reverse proxy/CDN instead of always using REMOTE_ADDR
- Added generic data/querystring/cookie variable + header maximum length scanning
- Added ripping protection of certain file extensions (like jpg,exe...)
- Added M-SEARCH to denied methods (UPNP)
- Adding comments to IP ranges is now possible: "127.0.0.1 //localhost"
- fixed minor bug in XML settings: 'Denied Content Types' instead of 'Deny Content Types'
- Added compatibility with
	- Office Sharepoint Server 2007
	- Virtual Server 2005
- Changed maximum length of "Authorization:" header 4000 -> 5120 for Kerberos
- Changed maximum length of "User-Agent:" header 256 -> 320
- HackResponse no longer sends message body in HEAD request (only in OnPreprocHeaders())
- Removed .axd file from denied sequences (too much used by ASP.NET websites)
- Added /xmlrpc. to the list of blocked urls
- IPv6: Adjusted CIPAddress class to template
- SQL Injection
	- now logs which keywords are found
	- Added SQL Keywords: dbo. ; master.. ; @@version ; @@servername ; @@servicename ; @@fetch_status ; db_name ; db_id ; is_member ; is_srvrolemember ; object_id ; object_name ; col_length ; col_name ; syscolumns ; sysname ; system_user ; quotename ; isnull ; xtype ; varchar ; char(9) ; char(94) ; char(32) ; char(85) ; cursor ; sp_configure ; backup ; /* ; */ ; information_schema

WebKnight 2.2 (2008.09.02)
-------------
- First 64bit and IIS7 release (adjusted installer scripts to use new IIS7 API instead of metabase)
- Disabled registering for OnReadRawData event on IIS7 and later
- Added Denied Content-Types
- Frontpage 2008 (and previous) uses empty url in OnUrlMap
- Added logging of "Host:" header
- Now also logs ASP.NET error response body (ASP classic used querystring for error number)
- Updated default keywords
	Url: /siteadmin
	Querystring: c:\
	Filename: .aspx. ; .asa. ; .asax. ; backdoor ; admin.pw ; test.cgi -> test.
	Extensions: .old ; .backup ; .000 ; .asp~ ; .dbf & .dbx -> .db ;
	SQL injection: char(124) ; cast( ; fetch next ; allocate ; MySQL string escape character ;  =!(  
- Referrer scan
	- Extended with DenySQLInjection
- Cookie scan
	- Extended with DenyHighBitShellCode, DenyDirectoryTraversal, DenySequences
	- Fixed bug with scanning for SQL injection: make lowercase
- Added blocking/monitoring of IP address if alert (response handling)
- Added IP range format 10.0.0.1-10.0.0.2
- Blocked certain query string/postdata injection attacks
	- http:// injection
	- php script injection (<?php)

WebKnight 2.1 (2007.10.08)
-------------
- Fixed major bug where CString MakeLower() & MakeUpper() would throw an exception on Korean systems (GetLastError: 1113)
- Added filtering exclusion based on IP address/range
- Fixed bug when logging in local timezone, time field would still log in GMT (this bug was introduced in version 2.0)
- Fixed bug where IP addresses from Robots.xml would not get blocked when WebKnight loads (moved LoadCache after LoadAgents)
- ScanRawUrl() log url even when URL.UseRawScan is disabled for raw filename scanning
- added RFC compliancy for multiple User-Agent headers in request (Google Translate uses this)
- added log warning to entry when hot linking with missing 'Host:' header

WebKnight 2.0 (2006.12.24)
-------------
- Fixed major bug in OnSendRawData involving IIS 6 and binary files with embedded nulls (like images)
- Added HTTP/0.9 version (IIS6 reports no version as HTTP/0.9)
- Enabled run-time update in SaveDefaultSettingFile()
- Added check for %u0000 in ScanHexEncodingAbuse()
- Added default *nix command line hack tools to denied url/querystring
- Added Referer URL scanning
- Added SQL keyword "--" and added trailing spaces to some keywords (reduce false positives)
- Changed Denied CGI application "ping" to "ping.exe" (false positives: shopping)
- Web Applications
  - Added SOAP for improved ASP.NET support + blocked "SOAPAction:" header by default + set max length
  - Added FileUpload
  - Added Unicode
  - Added Internet Printing Protocol
  - Added BITS (also blocked BITS headers/verbs by default + set max lengths for headers)
  - Fixed not reading settings Allow_Web_Applications_SharePoint...
  - Improved compatibility with FrontPage: allow Content-Type "application/x-vermeer-urlencoded"
  - Improved compatibility with ColdFusion: allow Content-Type "application/x-ColdFusion"
- Added Date to each log entry (for ODBC logging)
- Major code review (optimizations in code management / performance)
  - Created CStringHelper, CExploitScan, CFirewall, CHTTPFirewall, CISAPIFilter, CISAPIFirewall classes
  - fixed lowercase/uppercase issues with settings (lists)
  - Created CHTTPFirewallSettings class
- Blocked cookie ASP exploit with invalid cookie "Cookie: ="
- blocked script injection with
  "urn:schemas-microsoft-com:time namespace" and javascript events
- Internal Security Audit
  - Added checks for invalid heap allocations
  - Added checks for invalid pointers in ISAPI function calls
- Added ResponseDropConnection and default enabled
- improved reading of response file (for large files)
- Added HTTP compliant url check
- Added protection against web robots
  - Block all robots
  - Block bad robots (with a bot trap)
  - Block aggressive robots (requests/second)
  - Denied robot lists (CWebAgents class)
- Added ScanFilename() function for checking the filename and
  extension in OnPreprocHeaders (if UseFilenameRawScan is
  enabled)
- Monitor access to certain files
- Added Connection control
  - Monitor activity of certain IP addresses/ranges
  - Block access from certain IP addresses/ranges
  - Limit number of requests coming from single IP address
- Added OnAuthentication event
  - Protection against basic authentication brute force
    attacks / lockout DoS
  - block common usernames & passwords
  - Allow- & Blocklist of usernames
- Compatible with Exchange 2003
  - Added EnableOutlookMobileAccess()
  - Added EnableActiveSync()  (Exchange ActiveSync)
  - Added EnableRPCoverHTTP() (RPC over HTTP Proxy)
  - By default denied:
      http methods: "RPC_IN_DATA","RPC_OUT_DATA","X-MS-ENUMATTS"
      cgi: "rpcproxy.dll"
- Improved checking of responsestatus + performance boost in change/remove server header in OnSendRawData() with CONTEXT_SENDINGDATA
- Copied updated CURL class
- Copied updated CSettings class
- Config utility 1.3 (see changelog config)
- Fixed minor bug: "c:\program files\exchange\..." should have
  been: "c:\program files\exchsrvr\..."
- fine-tuned EnableOWA(), EnableWebDav() settings (issue with 
  raw postdata)
- Logging of HTTP errors: added HTTP_USER_AGENT to log entry
- Cleaned up default Allow_PATH_List (removed d:\exchange\...) and Deny_HEADER_List (forgot ':')
- Log HTTP Client Errors is now by default enabled
- Added Denied User Agents (in OnPreprocHeaders)


WebKnight 1.3 (2003.11.10)
-------------
- Increased default value of Accept-Language header from 256
  to 356 to allow requests from Netscape/Mozilla on Mac
- Fixed minor issue with IE5+SP and IE6 where a response with
  status "31337" would not be displayed. IE4 & IE5 (with no
  hotfixes) displays it! Changed default response status to
  "999"). 
- Changed SQL injection keyword "char" to "char(" because it
  produced a lot of false positives in certain situations.
- Fixed minor bug in OnReadRawData - SQL injection scanning: it
  also blocked the request when a single keyword was found and not
  only when two or more are found. Reported by Craig Curtin
- Copied updated CFileName class
- Added "<iframe" and "<link" to Denied headers,data,querystring
- Added URL RFC compliance checking
- Added check for %00 encoding exploit in url, querystring,
  cookie, headers & postdata 
- Added raw querystring scanning (in OnPreprocHeaders)
- Added raw URL scanning functionality (in OnPreprocHeaders)
- MaxHeaders: logs first 1024 characters to log file of blocked
  header instead of maxlength of that header.
- Added HTTP 0.9 compliance in 'Allowed HTTP Versions'
  (no http version)
- Fixed minor bug in UseAllowUrl: it would block uppercase
  variants of the strings in URL Allowed Starts list.
- Fixed minor bug where the xml file would get corrupted
  and WebKnight would use its default settings
- moved some functions to newly created CURL class
- Copied updated CLogger class
  - Added setting logGMT, so you can choose between logging
    in local time (like in version 1.0 and 1.1) and logging
    in GMT (like in version 1.2)
  - Removed #Version directive (confusion with W3C logging)

WebKnight 1.2 (2003.09.08)
-------------
- fixed minor bug in changing timezone while running: call _tzset()
  before GetCurrentTime()
- fixed minor bug if hack and no response is sent back: reset filtercontext
- Added feature 'Allowed HTTP Versions' & 'Use Allowed HTTP Versions'
  for allowing only certain revisions of HTTP
- fixed minor bug in XML settings: 'Use Allowed Url Starts' instead
  of 'UseAllowedUrlStarts'
- fixed major bug in OnReadRawData where the raw data is 0 (rare)
  and WebKnight would crash and block the request reported by Craig Curtin
  Many thanks for helping solve the issue.
- fixed bug in OnReadRawData where the event did not happen if you
  did not enable scanning of SQL injection or used Denied Sequences
  in headers or data.
- Copied updated CSettings class (from general library)
- Copied updated CLogger class (from general library):
   - switched to GMT/UTC logging as default
   - added #Date and #Version directive in logging

WebKnight 1.1 (2003.07.14)
-------------
- added "mailform." in Denied Filename
- Changed filter order in install script (after sspifilt & Compression)
- when run-time update occurs it is now getting logged
- Splitted settings in a CSettings (general lib) and CWebKnightSettings class
- Changed errorhandling for reading the nohack.htm file
- Added checks on the length of certain log entries
- Copied updated CLogger class (from general library)
- Copied updated CLogFile class (from general library)
- Copied updated CFileName class (from general library)
- Web Applications:
	Secured default settings for protecting ASP.NET
	made EnableASPDotNet()	(also in xml config file)
	made EnableASP()	(also in xml config file)
	made EnableStaticHTML()

WebKnight 1.0 (2003.03.24)
-------------
- First official release