--- title: PingAccess Agent for IIS 1.5 (July 2024) description: Info component: pingaccess version: 8.3 page_id: pingaccess:agents_and_integrations:pa_iis_15_rn canonical_url: https://docs.pingidentity.com/pingaccess/8.3/agents_and_integrations/pa_iis_15_rn.html revdate: July 10, 2024 section_ids: agent-sdk-for-c-compatibility: Agent SDK for C compatibility cache-multiple-token-types-for-web-api-applications: Cache multiple token-types for Web + API applications block-bad-characters-in-iis-agent-deployments: Block bad characters in IIS agent deployments configure-the-iis-agent-to-ignore-crl-checking-if-revocation-server-is-unresponsive: Configure the IIS agent to ignore CRL checking if revocation server is unresponsive --- # PingAccess Agent for IIS 1.5 (July 2024) ## Agent SDK for C compatibility Info Compatible with the Agent SDK for C version 1.4. ## Cache multiple token-types for **Web + API** applications New PA-15516 If you use a **Web + API** application, the `vnd-pi-resource-cache` PingAccess agent protocol (PAAP) header now contains an additional path so **Web + API** applications can cache both cookie and authorization header token-types. For more information, see the **Cache multiple token-types for Web + API applications** entry in the PingAccess 8.1 release notes, and the `agent.cache.defaultTokenType` property on the IIS agent configuration page. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Existing agent environments ignore the new `vnd-pi-token-cache-oauth-ttl` header and additional paths in the `vnd-pi-resource-cache` header.To see the performance boost, upgrade to PingAccess 8.1 and upgrade to the latest version of the IIS agent. Otherwise, continue to use an earlier agent version. | ## Block bad characters in IIS agent deployments New PAA-251 Configure the PingAccess agent for IIS to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision. Added eight new properties to the agent: 1. `agent.request.block.xss.characters` 2. `agent.request.block.uri.characters` 3. `agent.request.block.query.characters` 4. `agent.request.block.form.characters` 5. `agent.request.block.xss.http.status` 6. `agent.request.block.uri.http.status` 7. `agent.request.block.query.http.status` 8. `agent.request.block.form.http.status` Learn more in the [IIS agent configuration](pa_iis_configuration.html) configuration page. | | | | - | ------------------------------------------------------------------------------------------------------------------------------- | | | For large scale or more complex blocking decisions, it's best practice for the agent to reach out to PingAccess for a decision. | ## Configure the IIS agent to ignore CRL checking if revocation server is unresponsive Improved PAA-265 Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the `agent.engine.configuration.checkCertRevocation.bestEffort` property. This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking. Learn more in [IIS agent configuration](pa_iis_configuration.html).