IIS 7.5 and IIS 8.0 European Hosting

BLOG about IIS 7.5 Hosting, IIS 8.0 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

European IIS Hosting - HostForLIFE.eu :: How to Enable Reverse DNS Lookup in IIS

clock February 21, 2017 10:37 by author Scott

This article explains how to enable reverse Domain Name System (DNS) lookup for all versions of Internet Information Services (IIS).

When reverse DNS lookups are enabled on the web server, the IP address of each web client that connects to the IIS server is resolved to a DNS name, and the DNS name instead of the web client IP address is placed in the IIS log files.  Enabling reverse DNS also affects what CGI and ISAPI extensions see as a value of the Remote_Host variable.

Microsoft KB article 297795 gives a step-by-step demonstration how to enable RDNS for IIS4, IIS5 and IIS6, but all you need to do is run the following in a command prompt from the ADScripts folder:

For IIS4 run:

adsutil set w3svc/EnableReverseDNS TRUE

For IIS5 and IIS6 run:

cscript adsutil.vbs set /wesvc/EnableReverseDNS "TRUE"

In IIS7, you must install the IP and Domain Restrictions role service for the Web Server (IIS) role.  You can do this in Server Manager or from the command line using the following command:

ServerManagerCMD -install Web-IP-Security

In Windows Server 2008 R2, the ServerManagerCMD.exe program is deprecated and has been replaced with the ServerManager Powershell cmdlets.  The following two cmdlets are used to install the IP and Domain Restrictions role service:

Import-Module ServerManager
Add-WindowsFeature Web-IP-Security

Now that the role service is installed, you can configure reverse DNS lookups, as follows:

  • Open Internet Information Services (IIS) Manager.
  • Navigate to the Server Name in the Connections pane.  If you only want to enable reverse lookups on a particular website, navigate to that website.
  • Double-click IP Address and Domain Restrictions in the center pane and click Edit Feature Settings in the Actions pane.
  • Put a checkmark in Enable domain name restrictions and click OK.

You will see the following warning:

Restricting access by domain name requires a DNS reverse lookup on each connection. This is a very expensive operation and will dramatically affect server performance. Are you sure you want to enable restrictions based on domains?

Clicking Yes will enable reverse lookups for all clients connecting to the web server.  I have not noticed any more than a 1-2% increase in CPU performance and the websites are just as performant as before.

Each of these changes go into effect immediately.  There is no need to restart IIS.

European IIS 10 Hosting - HostForLIFE.eu :: How to Fixing Common Errors While Hosting Web API In IIS?

clock February 9, 2017 08:46 by author Peter

While publishing Web API using Visual Studio, you may run into some errors. This article helps to provide the solution to the possible errors that will occur. When you publish the Web API from Visual Studio, the following error may possibly come up.

Output class library not set error while hosting web API
OutputPath property is not set for project 'Company.Directory.Web.csproj'. Please check to make sure that you have specified a valid combination of Configuration and Platform for this project. Configuration=Release Platform='AnyCPU'. You may be seeing this message because you are trying to build a project without a solution file, and have specified a non-default Configuration or Platform that doesn't exist for this project.


When you try to publish for the first time, one of the reasons for the above error to pop up is due to the incorrect settings in .csproj.user file of the solution.

Open the .csproj.user file in the solution and change the settings in the file.

Add the following code in the file.
    <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' "> 
    <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' "> 
    <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Dev|AnyCPU'"> 
        <DeployIisAppPath>Port 80/directory/dev</DeployIisAppPath> 

Solution to 500.19 internal server error while hosting Web API


The above error will pop up when you do not have the permission to access the folder/web.config file.

  •     In Windows Explorer, locate the web.config file that is associated with the Web site.
  •     Right-click the web.config file
  •     Click Properties.
  •     Click the Security tab, and then click Edit.
  •     Click Add.
  •     In the Enter the object names to select box, IUSR, click Check Names, and then click OK.
  •     Click to select the Read check box, and then click OK.
  •     In the Web.config Properties dialog box, click OK.

Solution to 500.21 internal server error while hosting Web API


One of the reasons for the error 500.21 Internal Server Error to pop up, is when ASP.NET is not installed completely in your system.
    Run the command prompt as administrator.
    Type the line in the command prompt below any one.

    %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
    %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -I

Solution to login for application pool access error is denied while hosting Web API


Create the application pool in IIS by selecting the .NET version which your project supports. When creating the site in the default application in IIS for Web API, select the application pool which you have created. The above error will pop up if the application pool which you have created has a built in account selected.

For reference - go to: "Advanced Setting->Process->Identity” of the application pool which you have created. Change the application pool identity to custom account and click on set button to provide the account credentials. Once you have set the setting, refresh/reset IIS to resolve the above error.

Access Denied Error while hosting Web API

The above error will pop up if the solution directory (folder) doesn’t have required permissions.
To resolve the issue follow the steps given in “500.19 : internal server error”.


European IIS 10 Hosting - HostForLIFE.eu :: How to Block SQL Injection On IIS 7 And Later Versions?

clock January 23, 2017 10:06 by author Peter

The discussion is specific to IIS 7 and later versions. Let's start with version IIS 7.0. It has a built-in feature that is able to filter HTTP requests. If a request is found to have contents which are unacceptable to process the request, then it will block such request there, before proceeding to process a request by a web application. This feature is useful as a mitigation technique, for such SQL Injection vulnerabilities.


At first, verify the IIS version that you are using currently. If you are using earlier than IIS 7.0, then update with the latest version before applying the following configuration.

Configuring the Request Filter

To create a global filtering rule for SQL Injection, we should follow the below steps:

Step 1
Open the run window by pressing keyboard key Windows key + R and copy and paste the following code
It will open the applicationhost.config file.

Step 2

In the applicationhost.config file, identify <requestFiltering> section. Under this section, configure for the reserve keywords or reserved special characters, like DELETE, CREATE, UPDATE, INSERT, --,',/* etc. in <denyStrings> section.
Configure the file extensions for which IIS server needs to be validated. The sample code is shown below:

Step 3

Now, to save the file, go to the File menu and choose Save option.

How  does the above configuration behave in the IIS server?

With the above configuration settings, first of all, IIS will look at each incoming request for pages with .html, .aspx, or .asp extensions, to search for specific strings in the request's Query String. If the IIS server finds the specified strings, then IIS will block the request and return a 404: Not Found page to the client.
If you want to add a new file extension or change the existing file extensions in applicationhost.config file, you can add/remove the required file extensions in file Extension tags which lies in the <appliesTo> section. Whatever strings you are placing in the <denyStrings> section, the IIS looks for those strings. If it finds those, then it will block the request and return 404 error page to the client. You can add a new string, remove the existing string,  or change the existing string, in the <denyStrings> section.

In fact, in IIS server, you may have hosted many web applications which are running in parallel.
Let's say, for one of the web applications, you don't want to deny any string for the incoming request. How will you handle such  a scenario?
It is very simple. Create a rule in your application's config file, for which, you want to allow all such strings. If you create a rule in the application's config file, it will override the applicationhost.config file's rule. For instance, if you want to allow the string "end" for only a few applications,  and for the rest of the applications, you want to deny such a string, then follow the below steps:

Step 1: Remove the <add string="end" /> entry from applicationhost.config file.

Step 2: Add the below code into the application's config file where you want to restrict the string "end":

Make a note --  the name for the filteringRule tag must and should be unique and it should not conflict with a name which is in the applicationhost.config file or/and the same name with any other web.config files in the path. And, it is also possible to limit the scope of filtering rules using location tags.

Procedure to check logs for SQL Injection attempts

You can check the SQL injection attempt logs in IIS W3SVC logs section. filteringRule rejects such SQL injection attempts and responds with a 404 status and with a substatus 19. You have to check these logs periodically to make sure that your rule is blocking such SQL Injections for the legitimate requests.

After the configuration changes made in the applicationhost file, if you give the followingURL request in your browser, the following output will show:



HostForLIFE.eu IIS 10 Hosting
HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.



European IIS 8.5 Hosting - HostForLIFE.eu :: How to Enable HTTP Strict-Transport-Security (HSTS) on IIS

clock December 22, 2016 06:04 by author Scott

In this article, we will only show simple tutorial about how to enable and serve HTTP Strict Transport Security (HSTS) response header in IIS.

Definition HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which is necessary to protect secure HTTPS websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking.

HSTS improves security and prevents man-in-the-middle attacks, downgrade attacks, and cookie-hijacking.

It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named Strict-Transport-Security. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion.

Therefore, adding a HSTS header is important after you’ve added SSL to your WordPress website, so browsers automatically request your HTTPS address.

All you need to add to your web.configconfiguration file is an Outbound Rule, to rewrite request responses and sending the HTTP Strict Transport Security response header:

  <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
      <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    <action type="Rewrite" value="max-age=31536000" />

HSTS and includeSubdomains #

Do you have your SSL (TLS) certificate on your www. subdomain? Then you need to include it using includeSubdomains. The outboundRules rule then becomes:

<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
  <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
    <add input="{HTTPS}" pattern="on" ignoreCase="true" />
  <action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" />

HSTS header in WordPress functions.php #

You can set a HSTS header through your functions.php theme file as well. For this to happen, you can hook into the send_headers action.

Use the following code in your functions.php to send a HSTS header:

add_action( 'send_headers', 'saotn_add_hsts_header' );
function saotn_add_hsts_header() {
  header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' );

European IIS Hosting - HostForLIFE.eu :: How to Create Multiple 301 Redirects

clock December 15, 2016 08:33 by author Scott

Some of our clients sometimes ask about how to create URL Rewrite on their site. Previously, we have written about how to redirect HTTP to HTTPS in IIS. In this tutorial, we will advise how to create multiple redirection with a URL Rewrite Map.

URL Rewrite Module with IIS 7/IIS 8

Now there’s an easier solution, and one that offers better performance.  Starting with IIS 7 one can implement different kinds of url rewriting and redirecting with ease by using the URL Rewrite Module. The various rules can be configured using the IIS 7 Manager GUI or by directly editing the web.config. To open the URL Rewrite Module simply double click the URL Rewrite icon on your site properties as shown below.

From there you will be able to maintain your existing rules or add new ones as seen in this picture.

This is a pretty easy way to create server-side rules for rewriting and redirecting, but what happens when you have 30 or 40 legacy URLs that need to be redirected to new pages? Do you have to enter each one manually? Of course not. The solution to that is to use a URL Rewrite Map.

URL Rewrite Map

By using a URL Rewrite Map it has never been easier to create and maintain multiple 301 redirects for different pages on your web site.  The rewrite rules are stored in the <system.webServer> section of your web.config so you can quickly make changes as needed.

Here is all the code you need to accomplish this:

<rewriteMap name=”Redirects”>
<add key=”/test.aspx” value=”/test2.aspx” />
<add key=”/aboutus.aspx” value=”/about” />
<rule name=”Redirect rule1 for Redirects”>
<match url=”.*” />
<add input=”{Redirects:{REQUEST_URI}}” pattern=”(.+)” />
<action type=”Redirect” url=”{C:1}” appendQueryString=”false” />

In the example above I’m performing a 301 redirect on the test.aspx file to test2.aspx file. There’s also a 301 redirect for the aboutus.aspx file to folder called /about, however, in this case it’s important to note that the /about folder will also need a default page or else a 404 error will result.

As you add more URLs to your Rewrite Map you’ll notice that your web.config can become a bit cluttered. The solution to this will be to store the redirect rules in an external file. Let’s call this file myrewritemaps.config. This file will now contain this code block:

<rewriteMap name=”Redirects”>
<add key=”/test.aspx” value=”/test2.aspx” />
<add key=”/aboutus.aspx” value=”/about” />

In your web.config you add the following line of code under the <rewrite> section referencing the external config file:

<rewriteMaps configSource=”myrewritemaps.config” />

Your web.config will now look nice and clean like this:

<rewriteMaps configSource=”myrewritemaps.config” />
<rule name=”Redirect rule1 for Redirects”>
<match url=”.*” />
<add input=”{Redirects:{REQUEST_URI}}” pattern=”(.+)” />
<action type=”Redirect” url=”{C:1}” appendQueryString=”false” />

There is no real limit on how many URLs can be configured for redirecting with the URL Rewrite Map.  You should perform regular search engine analysis to see when the new URLs have been picked up. Once the old URL is no longer indexed and traffic has dropped off you could remove it from your map.

European IIS Hosting - HostForLIFE.eu :: How to Check Trace is Enabled on IIS Server

clock December 9, 2016 07:33 by author Scott

Trace \ Track is a vulnerability that is usually identified on an IIS server when we run PCI compliance and find this vulnerability. A hacker can run a Trace attack on IIS Website and get information about the Backend server and other important information.

In latest versions on IIS (IIS 6.0, 7.5) Trace is disabled by default but still it is good idea to make sure that Trace is disabled on IIS.

Testing if Trace \ Track is Enabled on a IIS website or not

Follow these steps :

1. Go to command Prompt of your Machine.
2. Type telnet <URL of the website> 80 (this will open a telnet session of that website on port 80)
3. Type following commands on the telnet session screen in exact same order: 

    TRACE / HTTP/1.0
    Host: <hostname_you_are_testing>
    TestA: Hello
    TestB: World

4. Press enter twice. 

If Trace is enabled on your server, you should see following results:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Tue, 05 Dec 2016 08:17:15 GMT
    Content-Type: message/http
    Content-Length: 76 

And If you receive following results on the telnet screen, then Trace is enabled :

     HTTP/1.1 501 Not Implemented
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Tue, 06 Dec 2016 09:32:58 GMT
    Content-Length: 1508

    Connection: close

Disabling Trace or Track on IIS

The easiest way to mitigate the risk of Trace \ Track on iis is  : installing URLScan from Microsoft, 
The urlscan.ini file is included as part of URLScan . This sets by default a configuration setting "UseAllowVerbs=1".  In this [AllowVerbs] section of the ini file, only http methods that are allowed are GET, HEAD, and POST so simply by installing URLScan on an IIS server , we can assume that it  protected from TRACE or TRACK.  


European IIS Hosting - HostForLIFE.eu :: How to Fix "Could not establish trust relationship for the SSL/TLS secure channel" Error

clock December 6, 2016 10:45 by author Scott

One of our clients receive this error message when deploying his ASP.NET application.

“System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.”. Here is how we solved that issue.

There are 3 related and important issues:

1. the remote site uses a Server Name Indication (SNI) certificate, installed on a different domain name
2. the web application was published to a IIS 6.0 (Windows Server 2003) web server
3. a System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. This error message is caused because the process is not able to validate the certificate supplied by the server during an HTTPS (SSL) request

IIS 6.0 + Server Name Indication (SNI) certificates = System.Net.WebException #

A Server Name Indication (SNI) certificate basically means that you can install oneSSL/TLS certificate on a web server, to use on multiple domain names. The TLS part takes the negotiation, and that enables the server to select the correct virtual domain early and present the browser with the certificate containing the correct name. Therefore with clients and servers that support SNI, a single IP address can be used to serve a group of domain names for which it is impractical to get a common certificate.

Windows Server 2003 (IIS 6.0), Windows Server 2008 (IIS 7.0) and Windows Server 2008 R2 (IIS 7.5) do not support SNI-certificates.

How to Solve this Error Message

You might wonder what the solution to this error message was. Well, simple: Move the website to an IIS 8.0+ (Windows Server 2012) web server. This version supports Server Name Indication certificates. Microsoft calls this SSL Scalability in IIS 8.0. Because of SNI, or SSL-scalability, support in Windows Server 2012, the ASP.NET System.Net.WebException went away.

It’s simple, right? :)


HostForLIFE.eu Proudly Launches Visual Studio 2017 Hosting

clock December 2, 2016 07:26 by author Peter

European leading web hosting provider, HostForLIFE.eu announces the launch of Visual Studio 2017 Hosting

HostForLIFE.eu was established to cater to an underserved market in the hosting industry; web hosting for customers who want excellent service. HostForLIFE.eu - a cheap, constant uptime, excellent customer service, quality, and also reliable hosting provider in advanced Windows and ASP.NET technology. HostForLIFE.eu proudly announces the availability of the Visual Studio 2017 hosting in their entire servers environment.

The smallest install is just a few hundred megabytes, yet still contains basic code editing support for more than twenty languages along with source code control. Most users will want to install more, and so customer can add one or more 'workloads' that represent common frameworks, languages and platforms - covering everything from .NET desktop development to data science with R, Python and F#.

System administrators can now create an offline layout of Visual Studio that contains all of the content needed to install the product without requiring Internet access. To do so, run the bootstrapper executable associated with the product customer want to make available offline using the --layout [path] switch (e.g. vs_enterprise.exe --layout c:\mylayout). This will download the packages required to install offline. Optionally, customer can specify a locale code for the product languages customer want included (e.g. --lang en-us). If not specified, support for all localized languages will be downloaded.

HostForLIFE.eu hosts its servers in top class data centers that is located in Amsterdam (NL), London (UK), Paris (FR), Frankfurt(DE) and Seattle (US) to guarantee 99.9% network uptime. All data center feature redundancies in network connectivity, power, HVAC, security, and fire suppression. All hosting plans from HostForLIFE.eu include 24×7 support and 30 days money back guarantee. The customers can start hosting their Visual Studio 2017 site on their environment from as just low €3.00/month only.

HostForLIFE.eu is a popular online ASP.NET based hosting service provider catering to those people who face such issues. The company has managed to build a strong client base in a very short period of time. It is known for offering ultra-fast, fully-managed and secured services in the competitive market.

HostForLIFE.eu offers the latest European Visual Studio 2017 hosting installation to all their new and existing customers. The customers can simply deploy their Visual Studio 2017 website via their world-class Control Panel or conventional FTP tool. HostForLIFE.eu is happy to be offering the most up to date Microsoft services and always had a great appreciation for the products that Microsoft offers.

Further information and the full range of features Visual Studio 2017 Hosting can be viewed here http://hostforlife.eu/European-Visual-Studio-2017-Hosting

European IIS 8 Hosting - HostForLIFE.eu :: Dynamic Compression Issue in IIS 8.5

clock November 17, 2016 11:00 by author Scott

Windows Server 2012 R2 comes with IIS 8.5, and in this release an issue has been found in relation to the Dynamic Compression module.  The module sets the “Vary” header which is used to specify caching properties that the browser uses to determine whether the response should be cached or not. 

In IIS 8.0 and earlier, the Dynamic Compression module was overwriting the Vary header with the value “Accept-Encoding”, and as it happens this is the correct value to ensure that dynamic content is correctly cached – but – according to IIS it should be appending this value to the existing value and not overwriting it.

As it happens, this was supposed to be fixed in IIS 8.5 but the fix appears to be broken.  In IIS 8.5 (which ships with Windows Server 2012 R2) the Vary header is being set to “*” and the “Accept-Encoding” from the Dynamic Compression module is not appended.  The result of this is that no dynamic content is being cached by the browser.


Thankfully there is an easy workaround in IIS 8.5 for this:

1. Select an IIS site, and go to Configuration Editor

2. Select system.web/caching/outputCache section, then set the omitVaryStar property to true

Setting this value results in the Vary header being returned with a value of “Accept-Encoding” and the browser then caches the dynamic content.

European IIS 8.5 Hosting - HostForLIFE.eu :: How to Host Different SSL with 1 IP in IIS

clock October 7, 2016 18:56 by author Scott

That has been a question we have come across frequently. Before IIS 8, you could host multiple sites needing SSL on a single IP address if the sites utilized the same SSL certificate or used a wildcard SSL certificate.  A wildcard certificate was only beneficial if you needed SSL on the subdomain level of a current site/domain. But what if you had sites with different names? Well, you could get a Subject Alternative Names (SAN) SSL certificate.  This SSL certificate would allow you to protect multiple sites with a single SSL certificate. The last available option prior to IIS 8 required setting each additional SSL site on the same IP address but with a different SSL port number. This would allow you to utilize each site’s/domain’s SSL on the same IP address as another site.  By default, SSL certificates utilize port 443 for secure communication. This port doesn’t need to be specified in the URL since this is the standard port. When you use a different port number for SSL you will be required to add the non-standard SSL port number in the URL in order for it to work.  As you can imagine, this is not the way you want to run a public site. How would a user know to enter the port number and it’s not a common step that users are familiar with doing when browsing a site.

Adding an additional IP address to host another site needing SSL is the common method used but sometimes this isn’t an option for some people. With the inception of IIS 8 on Windows Server 2012, a new feature called Server Name Identification (SNI) was added. This feature offers an easier solution to hosting multiple sites that have a different or individual SSL on a single IP address. This feature is included in IIS 8 by default and doesn’t require the installation of any additional features to begin using it. Below, we will walk through the steps involved with configuring SNI. One thing to note with implementing SNI for your SSL solution, it will not work for those users running Internet Explorer on Windows XP. If your server has multiple IP addresses, you can implement SNI for some sites in addition to assigning individual sites to a single IP address for SSL. Both methods will work along side each other on different IP addresses without issue.


1)  One of the first things you will need to do is import the SSL certificates for each site on the server if this hasn’t been done already
2)  Next, open IIS 8 Manager and add your first site that will need SSL
  a.  If the first site is already in place, proceed to step the next step
3)  After the site is added select the site and click Bindings… under the Actions menu pane on the right

4)  Click Add
  a.  Select https for the Type
  b.  You can leave the IP address to “All Unassigned” or choose the IP address you want to use
(If you have multiple IP’s on the server you will want to specify the one you want to use for SNI)
  c.  Enter your site/domain name for Host name
  d.  Check the box for “Require Server Name Indication”
  e.  Select the SSL certificate for the site from the drop down box
  f.  Click OK

5)  Create the second site and add the SSL binding following the steps below
6)  Select Bindings and click Add
  a.  Select https for the Type
  b.  You can leave the IP address to “All Unassigned” or choose the IP address you want to use
   (If you have multiple IP’s on the server you will want to specify the one you want to use for SNI)
  c.  Enter your site/domain name for Host name
  d.  Check the box for “Require Server Name Indication”
  e.  Select the SSL certificate for the site from the drop down box

7)  Click OK to complete the setup

That’s all that needs to be done.  Test SSL for the site to make sure each site is working properly.  If you have additional sites that need SSL added, you can continue following the steps above for adding the SSL binding for each new site.

About HostForLIFE.eu

HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

We have offered the latest Windows 2012 Hosting, ASP.NET 4.5 Hosting, ASP.NET MVC 5 Hosting, and SQL 2014 Hosting.

Tag cloud

Sign in