IIS 7.5 and IIS 8.0 European Hosting

BLOG about IIS 7.5 Hosting, IIS 8.0 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

European IIS 8.5 Hosting - HostForLIFE.eu :: How to Enable HTTP Strict-Transport-Security (HSTS) on IIS

December 22, 2016 06:04 by author Scott

In this article, we show a simple tutorial on how to enable and serve the HTTP Strict Transport Security (HSTS) response header in IIS.

Definition of HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which is necessary to protect secure HTTPS websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking.

HSTS improves security and prevents man-in-the-middle attacks, downgrade attacks, and cookie-hijacking.

It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named Strict-Transport-Security. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion.

Therefore, adding an HSTS header is important after you've added SSL to your WordPress website, so browsers automatically request your HTTPS address.

All you need to add to your web.config configuration file is an Outbound Rule that rewrites responses so that they carry the HTTP Strict Transport Security response header (the rule belongs inside the <rewrite> element of <system.webServer> and requires the IIS URL Rewrite module):

<outboundRules>
  <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
    <conditions>
      <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    </conditions>
    <action type="Rewrite" value="max-age=31536000" />
  </rule>
</outboundRules>

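HSTS and includeSubDomains

Do you have your SSL (TLS) certificate on your www. subdomain? Then you need to include it using includeSubDomains. The directive applies the policy to every subdomain of the host, so each of them must be reachable over HTTPS. The outboundRules rule then becomes (this version also adds the preload directive):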

<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
  <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
  <conditions>
    <add input="{HTTPS}" pattern="on" ignoreCase="true" />
  </conditions>
  <action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" />
</rule>

HSTS header in WordPress functions.php

You can set an HSTS header through your functions.php theme file as well. To do this, hook into the send_headers action.

Use the following code in your functions.php to send an HSTS header:

<?php
add_action( 'send_headers', 'saotn_add_hsts_header' );
function saotn_add_hsts_header() {
  header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' );
}
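As an added example (not part of the original post), the following Python code parses a Strict-Transport-Security value as RFC 6797 describes it and audits responses for the points made above: the header belongs only on HTTPS responses, and preload is only useful together with includeSubDomains and a long max-age. The function names, the sample responses and the one-year preload threshold are assumptions made for this illustration.

```python
"""Parse a Strict-Transport-Security value (RFC 6797, section 6.1) and audit responses."""

# Assumption: the browser preload list expects max-age of at least one year.
PRELOAD_MIN_MAX_AGE = 31536000


def parse_hsts(value):
    """Return {directive_name: value_or_None}; raise ValueError if malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar tolerates empty directives ("a;;b")
        name, sep, raw = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]  # quoted-string form: max-age="31536000"
        if name in directives:
            raise ValueError("directive appears twice: " + name)
        directives[name] = raw if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    return directives


def evaluate(value):
    """Summarise what a user agent would take from one header value."""
    d = parse_hsts(value)
    max_age = int(d["max-age"])
    subdomains = "includesubdomains" in d
    preload = "preload" in d
    return {
        "max_age": max_age,
        "include_subdomains": subdomains,
        "preload": preload,
        "clears_policy": max_age == 0,  # max-age=0 makes the browser forget the host
        "preload_ready": preload and subdomains and max_age >= PRELOAD_MIN_MAX_AGE,
    }


def audit(scheme, headers):
    """Return findings for one response; headers is a list of (name, value) pairs."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme == "http":
        # RFC 6797 7.2: the header must not be sent over plain HTTP (browsers ignore it),
        # which is what the {HTTPS} condition in the IIS rule enforces.
        return ["header sent over plain HTTP"] if values else []
    if not values:
        return ["header missing on HTTPS response"]
    findings = []
    if len(values) > 1:
        findings.append("header sent more than once; only the first is processed")
    try:
        result = evaluate(values[0])
    except ValueError as exc:
        return findings + ["invalid header: " + str(exc)]
    if result["clears_policy"]:
        findings.append("max-age=0 removes the HSTS policy")
    if result["preload"] and not result["preload_ready"]:
        findings.append("preload present but value does not meet preload requirements")
    return findings


# Constructed sample responses: (scheme, [(header, value), ...])
SAMPLES = [
    ("https", [("Strict-Transport-Security", "max-age=31536000")]),
    ("https", [("strict-transport-security", "max-age=31536000; includeSubDomains; preload")]),
    ("http", [("Strict-Transport-Security", "max-age=31536000")]),
    ("https", [("Content-Type", "text/html")]),
    ("https", [("Strict-Transport-Security", "max-age=300; preload")]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", audit(scheme, headers) or "ok")
```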



European IIS Hosting - HostForLIFE.eu :: How to Check Trace is Enabled on IIS Server

December 9, 2016 07:33 by author Scott

Trace \ Track is a vulnerability that is usually identified on an IIS server when a PCI compliance scan is run. An attacker can run a Trace attack against an IIS website and obtain information about the backend server and other important information.

In the latest versions of IIS (IIS 6.0, 7.5) Trace is disabled by default, but it is still a good idea to make sure that Trace is disabled on IIS.

Testing Whether Trace \ Track Is Enabled on an IIS Website

Follow these steps:

1. Open a Command Prompt on your machine.
2. Type telnet <URL of the website> 80 (this will open a telnet session to that website on port 80)
3. Type the following commands in the telnet session in exactly this order:

    TRACE / HTTP/1.0
    Host: <hostname_you_are_testing>
    TestA: Hello
    TestB: World


4. Press Enter twice.

If Trace is enabled on your server, you should see the following results:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Tue, 05 Dec 2016 08:17:15 GMT
    Content-Type: message/http
    Content-Length: 76 


And if you receive the following results on the telnet screen, then Trace is not enabled:

    HTTP/1.1 501 Not Implemented
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Tue, 06 Dec 2016 09:32:58 GMT
    Content-Length: 1508
    Connection: close
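The telnet check above can be scripted. This added example (not part of the original post) builds the same TRACE request and classifies the raw response: a 200 answer that echoes the test headers or is typed message/http means Trace is enabled, an error status means it is not. The function names, the host www.example.test and the sample responses are constructed for this illustration.

```python
import socket


def build_trace_request(host):
    """The request the telnet steps type by hand, with CRLF line endings."""
    lines = ["TRACE / HTTP/1.0", "Host: " + host, "TestA: Hello", "TestB: World", "", ""]
    return "\r\n".join(lines).encode("ascii")


def classify_trace_response(raw):
    """Return 'enabled', 'disabled' or 'inconclusive' for a raw HTTP response."""
    text = raw.decode("iso-8859-1")
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status_parts = lines[0].split(" ", 2)
    if (len(status_parts) < 2 or not status_parts[0].startswith("HTTP/")
            or not status_parts[1].isdigit()):
        return "inconclusive"  # empty or non-HTTP answer
    status = int(status_parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # A server that honours TRACE reflects the request, including our marker headers.
    echoed = "testa: hello" in body.lower() and "testb: world" in body.lower()
    message_http = headers.get("content-type", "").lower().startswith("message/http")
    if status == 200 and (echoed or message_http):
        return "enabled"
    if status >= 400:
        return "disabled"  # e.g. 501 Not Implemented, 405, or a 404 from request filtering
    return "inconclusive"  # redirects, or a 200 page that does not echo the request


def probe(host, port=80, timeout=5.0):
    """Send the TRACE request to a server you administer and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(build_trace_request(host))
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_trace_response(b"".join(chunks))


# Constructed sample responses modelled on the two outputs shown above.
SAMPLE_ENABLED = (
    b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n"
    b"Content-Type: message/http\r\n\r\n"
    b"TRACE / HTTP/1.0\r\nHost: www.example.test\r\nTestA: Hello\r\nTestB: World\r\n\r\n"
)
SAMPLE_DISABLED = (
    b"HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\n"
    b"Server: Microsoft-IIS/7.5\r\nConnection: close\r\n\r\n<html>Not Implemented</html>"
)
SAMPLE_REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: https://www.example.test/\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("enabled sample", SAMPLE_ENABLED),
                      ("disabled sample", SAMPLE_DISABLED),
                      ("redirect sample", SAMPLE_REDIRECT)]:
        print(name, "->", classify_trace_response(raw))
```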

Disabling Trace or Track on IIS

The easiest way to mitigate the risk of Trace \ Track on IIS is to install URLScan from Microsoft. The urlscan.ini file is included as part of URLScan, and by default it sets the configuration setting "UseAllowVerbs=1". With that setting, the only HTTP methods allowed are those in the [AllowVerbs] section of the ini file, which are GET, HEAD, and POST, so simply by installing URLScan on an IIS server we can assume that it is protected from TRACE or TRACK.

 



IIS 7.5 Hosting - HostForLIFE.eu :: How to Manage IIS with Appcmd?

August 31, 2016 21:01 by author Peter

In this tutorial, I will tell you how to manage IIS with Appcmd. What is Appcmd? appcmd.exe is a single command-line tool used to manage IIS 7 and above. It is used to manage the server without using a graphical administration tool. appcmd is located in the C:\Windows\System32\inetsrv (%systemroot%\system32\inetsrv\) directory. By default, this directory is not added to the PATH environment variable.

Key Features 

  • Creating and configuring sites.
  • Listing the running worker processes.
  • Backing up and restoring the site configuration.
  • Retrieving information about the application pools.

Object Types

  • List
  • Add
  • Delete
  • Set
  • Hide

Syntax

appcmd <objecttypes> <parameters>   

rem Add the inetsrv directory to PATH for the current Command Prompt session
set path=%path%;%systemroot%\system32\inetsrv;

To list all the sites, use the command, given below:

appcmd list sites     

To get the details of a specific site binding and status (stopped/start), use the command, given below:

appcmd list site "Default web site"  

To list all the sites that are stopped, use the command given below:

appcmd list sites /state:Stopped   

To add a new site, use the command, given below:

appcmd add site /name:"added using appcmd" /bindings:"http/*:81:localhost" /physicalPath:"D:\test"

To add an https binding to the site, use the command, given below:

appcmd set site /site.name:"added using appcmd" /+bindings.[protocol='https',bindingInformation='127.0.0.1:444:localhost']  

To list all the applications, use the command, given below:

Appcmd list app  


To change an application pool, use the command, given below:

appcmd set app "added using appcmd/app1" /applicationPool:appcmdpool  

To view the application pool details, including the username and password of the app pool account, use the command given below. The password is shown in clear text, so treat the output as sensitive:

appcmd list apppool "MyAppPool" /text:*  

 

Backup

appcmd add backup   

appcmd add backup "locahostbkup"  

appcmd list backup   

appcmd delete backup "backup name"  

 

Restore

appcmd restore backup "locahostbkup"

After a successful restore, appcmd reports: Restored configuration from backup "locahostbkup"

To view the list of worker processes, which helps when attaching the debugger in Visual Studio, use the command given below:

appcmd list wps  

To view the list of physical paths, use the command given below:

appcmd list vdirs /text:physicalPath   

To start and stop a site, use the commands given below:

appcmd start site "Default web site"  

appcmd stop site "Default web site"

 

HostForLIFE.eu IIS 7.5 Hosting
HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes. We have customers from around the globe, spread across every continent. We serve the hosting needs of the business and professional, government and nonprofit, entertainment and personal use market segments.




IIS 7.5 Hosting - HostForLIFE.eu :: How to Deploy NopCommerce in IIS?

April 15, 2016 23:59 by author Anthony

In this article, I will explain how to deploy NopCommerce in IIS. For those who don't know, NopCommerce is a free, open-source online store application (just like Flipkart or eBay). It is built on ASP.NET MVC. NopCommerce has many features and also supports a wide range of plug-ins. You can create your own plug-ins as well. You can find more details about NopCommerce at http://www.nopcommerce.com/

Deployment methods

You can deploy NopCommerce in two ways:

  • Tools provided by NopCommerce (*.bat)
  • Using Visual Studio.

The first method is very easy to implement. The second method needs some extra work.

It is always a better idea to deploy production code to a local IIS host before deploying it to a live server. If you are developing an ASP.NET application in Visual Studio, you will use IIS Express to run the application. Most of the time IIS Express may not show the errors that IIS will show. For example, when I ran NopCommerce in Visual Studio it worked properly, but when I deployed it to local IIS I found an unknown error "Could not load type 'System.ServiceModel.Activation.HttpModule......."

Deploying using NopCommerce tools

1. This assumes you have already downloaded NopCommerce with source (at the time of writing this post, nopCommerce_2.80_Source.rar is the latest version). You can download NopCommerce with source at http://www.nopcommerce.com/downloads.aspx
2. Extract nopCommerce_2.80_Source.rar to your desired location. I am using F:\DotNetProjects.
3. The extracted folder contains the items below.
4. In that folder, Prepare.bat and Deploy.bat are the deployment tools provided by NopCommerce.
5. First run Prepare.bat. It will display a bunch of text in the command prompt and finally a Build success message.
6. Now run Deploy.bat. Again it will show a bunch of text in the command prompt and finally a Build success message. You will notice that a new folder called Deployable has been created automatically. This is the production code we need to deploy to the live server.
7. Before we deploy it to the live server, we will deploy it to local IIS. Go to your IIS Manager.
8. Expand the items in the left sidebar. Right-click on Default Web Site and select Add Application from the menu.
9. Enter the details. The Physical path field must point to your Deployable folder.
10. Now open your browser and enter http://localhost/nop.
11. If there is no error, it will redirect you to the http://localhost/nop/install folder, where you need to enter details like admin email, password and db connection details, and click install.
12. If everything is OK, NopCommerce will install successfully.

Error 1: Could not load type 'System.ServiceModel.Activation.HttpModule' ... Problem Fix

At step 10 in the above process you may get this error:

    Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

If you get this error, you can resolve it using the simple tool "aspnet_regiis.exe". In your command prompt, go to C:\Windows\Microsoft.NET\Framework64\v4.0.30319 (the path may be different on a 32-bit PC) and run the tool like this: "aspnet_regiis.exe -iru". This will execute some commands and the problem should be fixed.

Error 2: Setup failed: An error occurred while creating the database: CREATE DATABASE permission denied in database 'master'. Fix

If you get this error, there are different ways to fix it, but I will explain only the simplest one.

  • Open NopCommerce.sln in the extracted nopCommerce folder (refer to step 2).
  • Run the NopCommerce application (Ctrl+F5).
  • It will prompt you to enter the db details (refer to step 11). Enter the details as shown in step 11 and click install.
  • This time you won't face any problem (as I mentioned at the beginning).
  • Now go to F:\DotNetProjects\nopCommerce_2.80_Source\Presentation\Nop.Web\App_Data (may be different on your PC) and copy InstalledPlugins.txt and Settings.txt to F:\DotNetProjects\nopCommerce_2.80_Source\Deployable\nop_2.80\App_Data (this is our Deployable folder).
  • Now go to http://localhost/nop. If it asks for db details, enter exactly the details you entered before.
  • Voila! You have successfully installed NopCommerce.

Deploying nopCommerce using Visual Studio

  • Go back to Visual Studio, where you opened the nopCommerce solution, and build the solution.
  • Right-click on Nop.Web and click Publish.
  • This will take you through the Publish Web wizard. Enter details like Publish Method: File System and the physical path.
  • Now right-click on Nop.Admin and publish it with the sub-directory /Admin under the same directory you selected in the previous step.
  • Copy all the files you find under /admin/bin to /bin.
  • Now copy InstalledPlugins.txt and Settings.txt to the App_Data folder (just follow the steps I explained in the Error 2 section of this post).
  • That's it, everything is set now.




IIS 7.5 Hosting - HostForLIFE.eu :: How to Install SMTP Service?

April 13, 2016 23:12 by author Anthony

Today I will show you how to install an SMTP service on IIS 7.5 and secure it. Often the applications we deploy have a requirement to send alerts or messages to end users via system-generated e-mails. If you have a mail server, such as Microsoft Exchange, installed in the same environment, this usually handles this functionality for you. However, if the application is a standalone application which will be deployed into an environment where no e-mail services exist, you will either need to implement a mail server, which might be overkill if you are just going to be sending alerts and system-generated messages, or create an SMTP service on the application server. A simple way to get this done is to install the SMTP server feature that is part of Windows Server 2008 R2 as well as every version of Windows Server before that. Once it is installed, you need to configure the SMTP service, test it and secure it. Below are the steps to follow:

Step 1 – Install the SMTP Service

Open Server Manager and go to ‘Add Features’ and Select ‘SMTP Server’. If you do not have IIS installed the server will prompt you to ‘Add Role Services and Features Required for SMTP Server’

Click ‘Next’ and the wizard will install the SMTP Server for you.


Step 2 – Set the SMTP Service to Automatic Start

By default Windows installs the service and sets it to manual start. If you restart the server at any time the SMTP service will not start automatically which will result in your application not being able to send any e-mail. Open the MMC Services Snap-In, Find the ‘Simple Mail Transfer Protocol (SMTP)’ Service and double-click it.

Set the ‘Start-Up Type’ to ‘Automatic’, click ‘Apply’ and close the window.


Step 3 – Open IIS 6.0 Manager

You will note on Windows Server 2008 (& R2) that it will install two IIS Managers. The SMTP server is managed through IIS 6.0 and not IIS 7.5.

Step 4 – Add a new Mail Domain

You now need to configure the mail domain. Expand the virtual folders on the left pane and then right-click on the centre pane. Select ‘New’ and ‘Domain…’

Select the ‘Remote’ radio button and then click ‘Next’

Type your domain name in the text box provided and click on ‘Finish’. Do not add the @ symbol as per the example below.

[image[20].png]

Step 5 – Configure the New Domain

You now need to configure your new domain. Right-Click on the domain you have created and select ‘Properties’

Click on ‘Outbound Security’ and select your authentication type. In this example I am leaving the authentication to ‘Anonymous Access’ as I will lock down the server through limiting relay. Click ‘Ok’ and close all the domain windows.


Step 6 – Configure the SMTP Server

You now need to configure the SMTP Virtual Server. Right-click on the Virtual Server in the left pane and select ‘Properties’

Select the ‘Access’ Tab and Click on ‘Authentication’. Your Authentication at this level must match the authentication set at the domain level as per Step 5. In this example Anonymous Access is our preferred method.

Click on ‘Ok’ which will take you back to the previous window. Now click on ‘Relay’

An ‘Open Relay’ is the greatest risk to your SMTP server as it could be used by spammers to send their malware and other unsolicited mail. We are going to restrict this server so that it only accepts and relays mail for the localhost on which the application resides.
Ensure the Radio Button which states ‘Only the list below’ is selected. Untick the box which states ‘Allow all computers that successfully authenticate to relay, regardless of the list above’. Click on ‘Add’ and in the window provided type in the IP address of your server. Once done click ‘OK’.

Your ‘Relay Restrictions’ dialogue box should now look like the one below.

[image[44].png]

Click ‘Ok’. Your SMTP Server is now ready to send e-mail. You can click through the other configurations and change mail size limits and retry intervals etc. But by default the settings are good enough for this example.


Step 7 – Testing the SMTP Service

You can test the service using a Telnet session from the Command Line. Note that since Windows Server 2008 the Telnet Client is not part of the base install. You will need to install it using the ‘Add Features’ wizard as we did to install the SMTP Server in Step 1 above. If the server is situated behind a Firewall ensure that it will allow SMTP (TCP Port 25) outbound from your SMTP server.
Follow these steps as per http://support.microsoft.com/kb/153119

1. Open the Command Prompt and type ‘Telnet’ to start the Telnet client.
2. Type ‘set localecho’, hit Enter, then type ‘open 127.0.0.1 25’ and hit Enter. You will be presented with the SMTP Server Header.
3. Now type ‘helo me’ (note the single ‘l’) and hit Enter. The server will respond with Hello and the IP Address.
4. Now type ‘mail from:<yourname>@<yourdomain.com>’ and hit Enter.
5. Now enter the address you want to send mail to by typing ‘rcpt to:<name>@<senddomain.com>’.
6. Now type ‘Data’ and hit Enter.
7. Type ‘Subject:This is a test’ and hit Enter twice.
8. Type ‘Testing’ or anything else you want to send as body text and hit Enter.
9. Type ‘.’ i.e. full stop and hit Enter.

Your mail should now be sent and should be received within standard e-mail timeframes.

 




IIS 8 Hosting - HostForLIFE.eu :: How to Config ASP.NET and IIS Request Length?

April 8, 2016 20:30 by author Anthony

In this post, I will show you how to configure the ASP.NET and IIS request length for POST data. One of the most infuriating things about IIS configuration in general is how the request length is configured in IIS and ASP.NET. There are several places that control how much content you can send to the server, and over the years this setting has changed in a number of ways. The places where it's configured are not super obvious, and they can be fluid because some of these features are optionally installed IIS features.

So here are the two main places where the request length is set in IIS and ASP.NET:

  • IIS Request Filtering
  • HttpRuntime maxRequestLength

Let's start with the IIS level setting, which is also a relatively new setting. It's based around the Request Filtering module in IIS which is an optional IIS component, but that is a required component if you have ASP.NET installed on your server (at least in the latest versions). If you have ASP.NET enabled in IIS the Request Filtering module is also enabled and the following settings apply.

If you don't use ASP.NET you can still install Request Filtering, but it's an optional component. So if you only use ISAPI or CGI scripts and no ASP.NET content Request Filtering may not be enabled in which case the following settings cannot be set and aren't required. Since most people do run ASP.NET at least for some sites, for all intents and purposes we can assume that the Request Filtering module is installed on IIS.

So to configure the posted content size you can use the following web.config based configuration settings:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
     <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="500000000"  />
      </requestFiltering>
    </security> 
   </system.webServer>
</configuration>

The maxAllowedContentLength determines the size of the POST buffer allowed in bytes. Above I've set the value to 500 MB.

Or you can do the same thing in the IIS Management console using Request Filtering option in the IIS options:

As is usually the case you can apply the filtering at all levels of the IIS hierarchy – Machine, Site and Virtual/Application. Using web.config as shown above sets the settings at the Application level.

Because these are IIS settings, the value controls the IIS upload settings so they are applied against any and all requests that are fired against IIS, including ASP.NET, ASP, ISAPI extensions, CGI/FASTCGI executables, IISNodeJs requests and so on.

ASP.NET traditionally has had its own httpRuntime element in the <system.web> section that controls ASP.NET runtime settings, one of which is maxRequestLength. This setting controls the ASP.NET pipeline's acceptance of file uploads and it needs to be configured in addition to the Request Filtering settings described above.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
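    <!-- maxRequestLength is in kilobytes (maxAllowedContentLength is in bytes): 488281 KB is about 500 MB -->
    <httpRuntime maxRequestLength="488281" executionTimeout="120" />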
  </system.web>
</configuration>

You can also use the IIS Management Console and the Configuration Manager option, to view all of the options on the httpRuntime element:

What's interesting is that the settings you see here widely mirror the settings in the Request Filtering section, and they are not inherited. It's your responsibility to make sure the settings are set correctly in both places. I recommend that you take a minute and go through the values you care about and set them correctly in both places.
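Because the two limits use different units (maxAllowedContentLength is in bytes, maxRequestLength in kilobytes), it helps to compare them mechanically. This added example (not part of the original post) reads both values from a web.config and reports the effective cap and which layer rejects an oversized request first; the function name and the sample configurations are constructed, and the defaults of 30000000 bytes and 4096 KB are the documented IIS and ASP.NET defaults.

```python
import xml.etree.ElementTree as ET

IIS_DEFAULT_BYTES = 30000000  # default requestLimits maxAllowedContentLength (bytes)
ASPNET_DEFAULT_KB = 4096      # default httpRuntime maxRequestLength (kilobytes)


def request_limits(web_config_xml):
    """Compare the IIS and ASP.NET upload limits of one web.config, in bytes."""
    root = ET.fromstring(web_config_xml)
    # iter() also finds the elements when they sit inside a <location> block.
    limits = next(root.iter("requestLimits"), None)
    runtime = next(root.iter("httpRuntime"), None)
    iis_raw = limits.get("maxAllowedContentLength") if limits is not None else None
    asp_raw = runtime.get("maxRequestLength") if runtime is not None else None
    iis_bytes = int(iis_raw) if iis_raw is not None else IIS_DEFAULT_BYTES
    aspnet_kb = int(asp_raw) if asp_raw is not None else ASPNET_DEFAULT_KB
    aspnet_bytes = aspnet_kb * 1024  # convert kilobytes to bytes before comparing
    if iis_bytes < aspnet_bytes:
        first = "IIS request filtering"   # request is refused with HTTP 404.13
    elif aspnet_bytes < iis_bytes:
        first = "ASP.NET httpRuntime"     # "Maximum request length exceeded"
    else:
        first = "both"
    return {
        "iis_bytes": iis_bytes,
        "aspnet_bytes": aspnet_bytes,
        "effective_bytes": min(iis_bytes, aspnet_bytes),
        "rejects_first": first,
        # The same numeral in both attributes usually means the units were mixed up.
        "same_numeral": iis_raw is not None and iis_raw == asp_raw,
    }


# Constructed samples: the byte value copied into both attributes, and an aligned pair.
SAME_NUMERAL = """
<configuration>
  <system.web>
    <httpRuntime maxRequestLength="500000000" executionTimeout="120" />
  </system.web>
  <system.webServer>
    <security><requestFiltering>
      <requestLimits maxAllowedContentLength="500000000" />
    </requestFiltering></security>
  </system.webServer>
</configuration>
"""
ALIGNED = SAME_NUMERAL.replace('maxRequestLength="500000000"', 'maxRequestLength="488281"')
DEFAULTS_ONLY = "<configuration />"

if __name__ == "__main__":
    for name, xml in [("same numeral", SAME_NUMERAL), ("aligned", ALIGNED),
                      ("defaults", DEFAULTS_ONLY)]:
        print(name, request_limits(xml))
```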

The above describes ASP.NET settings. If you're using another framework, like WCF you may end up with yet another different set of settings on the WCF bindings and Endpoints. Just be aware of the framework you're using and that it too might have specific filters to restrict request size.



HostForLIFE.eu IIS 8 Hosting

HostForLIFE.eu revolutionized hosting with Plesk Control Panel, a Web-based interface that provides customers with 24x7 access to their server and site configuration tools. Plesk completes requests in seconds. It is included free with each hosting account. Renowned for its comprehensive functionality - beyond other hosting control panels - and ease of use, Plesk Control Panel is available only to HostForLIFE's customers. They offer a highly redundant, carrier-class architecture, designed around the needs of shared hosting customers.



European IIS 8 Hosting - UK :: Tips to Secure Your IIS Installation

November 18, 2015 20:55 by author Scott

You have just finished installing IIS on your Windows OS. You’re probably thinking that you can delve into the web development world and forget all about the underlying web server. After all, IIS is a Microsoft product so it should install with the right default configuration settings, right? That is far from true with IIS.

In this article, I will provide 8 tips that you can use to secure your IIS installation.

Move the Inetpub folder to a different drive

The Inetpub folder is the default location for your web content, IIS logs and so on. By default IIS 7 and upwards install the Inetpub folder in the system drive. It’s good practice to move the Inetpub folder to a different partition so that the web content is separate from the operating system. This folder can be moved after IIS installation is completed.

Install the appropriate IIS modules

IIS includes more than 30 modules; you should only install the ones which are needed by your web applications. Disable any modules that are not required, to minimize the attack surface. Periodically review the modules that are installed and enabled and remove any that are no longer required. You can use IIS Manager to list all the modules that are enabled.

  • Open IIS Manager
  • Select the name of the machine to view the modules for the whole machine, or change to the specific web site to view the modules enabled for the selected site
  • Double click on ‘Modules’
  • To disable a module, click on the module from the list and select ‘Remove’ from the Actions pane
  • Confirm the removal by pressing Yes

Disable the OPTIONS method

The OPTIONS method provides a list of methods that are supported by the web server. Although this might seem beneficial, it also gives an attacker useful information at the reconnaissance stage of an attack. Therefore it’s recommended to disable the OPTIONS method completely. This can be done by denying the OPTIONS verb from the HTTP Verb request filtering rules in IIS.

  • Open IIS Manager
  • Select the name of the machine to configure this globally (or change to the specific web site for which you need to configure this)
  • Double click on ‘Request Filtering’
  • Change to the HTTP Verbs tab
  • From the Actions pane, select ‘Deny Verb’
  • Insert ‘OPTIONS’ in the Verb, and press OK to save changes

Enable Dynamic IP Restrictions

The Dynamic IP Restrictions module helps block access from IP addresses that exceed a specified number of requests and thus helps prevent Denial of Service (DoS) attacks. This module will inspect the IP address of each request sent to the web server and will filter these requests in order to temporarily deny IP addresses that follow a particular attack pattern. The Dynamic IP Restrictions module can be configured to block IP addresses after a number of concurrent requests or by blocking IP addresses that perform a number of requests over a period of time. Depending on your IIS version you will need to enable either the ‘IP Security’ feature or the ‘IP and Domain Restrictions’ feature, as explained in this Microsoft article.

This will add the ‘IP Address and Domain Restrictions’ module to IIS Manager, from where dynamic IP restrictions can be set.

  • Open IIS Manager
  • Select the name of the machine to configure this globally (or change to the specific web site for which you need to configure this)
  • Double click on ‘IP Address and Domain Restrictions’
  • From the Actions pane, select ‘Edit Dynamic Restriction Settings’
  • Modify and set the dynamic IP restriction settings as needed and press OK to save changes

Enable and Configure Request Filtering Rules

It is also a good idea to restrict the types of HTTP requests that are processed by IIS. Setting up exclusions and rules can prevent potentially harmful requests from passing through to the server, since IIS can block these requests on the basis of the request filtering rules defined. For example, a rule can be set to filter traffic for SQL Injection attempts. Whilst SQL Injection vulnerabilities should be fixed at source, filtering for SQL Injection attacks is a useful mitigation. This can be set from the Rules tab found in the Request Filtering page in IIS Manager.

  • Open IIS Manager
  • Select the name of the machine to configure this globally (or change to the specific web site for which you need to configure this)
  • Double click on ‘Request Filtering’
  • Change to the Rules tab
  • From the Actions pane, select ‘Add Filtering Rule’
  • Set the required rules, and press OK to save changes

The rule set in the below screenshot would instruct IIS to check for the provided strings in requests for .asp and .aspx pages. IIS will then block the request if any of these strings are found.

You can also filter requests that contain things like high-bit characters or double escape characters. This and other similar filtering options are explained at http://technet.microsoft.com/en-us/library/hh831621.aspx

Enable logging

Configuring IIS logging will cause IIS to log various information from HTTP requests received by the server. This will come in handy and can give a better understanding of issues that might have occurred on your website when things go wrong. It’s the place where you will start the troubleshooting process in such situations.

The server’s logs can also be continuously or periodically monitored in order to review the server’s performance and provide optimizations if needed. This can be automated using various server monitoring tools. Make sure to keep a backup of the logs. Microsoft also provides Log Parser, which is a tool that can be used to query and retrieve specific data from IIS logs. Additionally, log consolidation tools prove useful for consolidating and archiving data from logs in a more meaningful way.

IIS logging can be enabled and configured from IIS Manager > select the machine name or the specific site you want to configure > Logging. Since these log files might grow quite large, it would be a good idea to start a new file periodically.
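As an added example (not part of the original article, and written in Python rather than Log Parser), the following code reads IIS logs in the W3C extended format and reports two things the tips above care about: requests that used OPTIONS, TRACE or TRACK and whether the server answered them successfully, and clients that sent a burst of requests of the kind Dynamic IP Restrictions is meant to throttle. The log lines, field selection and thresholds are constructed for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_VERBS = {"OPTIONS", "TRACE", "TRACK"}
REQUIRED = {"date", "time", "cs-method", "c-ip", "sc-status"}

# Constructed sample in the IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-substatus
2016-12-05 08:17:15 GET /default.aspx 192.0.2.10 200 0
2016-12-05 08:17:16 OPTIONS / 198.51.100.9 200 0
2016-12-05 08:17:17 TRACE / 198.51.100.9 501 0
2016-12-05 08:17:20 OPTIONS / 198.51.100.9 404 6
2016-12-05 08:18:01 GET /login.aspx 203.0.113.7 200 0
2016-12-05 08:18:01 GET /login.aspx 203.0.113.7 200 0
2016-12-05 08:18:01 GET /login.aspx 203.0.113.7 200 0
2016-12-05 08:18:02 GET /login.aspx 203.0.113.7 200 0
2016-12-05 08:18:02 GET /login.aspx 203.0.113.7 200 0
""".splitlines()


def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def review(lines, burst=5, window_seconds=1):
    """Return watched-verb requests and clients with >= burst requests in the window."""
    verb_hits = []
    stamps_by_ip = defaultdict(list)
    for rec in parse_w3c(lines):
        if not REQUIRED <= rec.keys():
            continue  # this log was not configured with the fields we need
        when = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        stamps_by_ip[rec["c-ip"]].append(when)
        if rec["cs-method"].upper() in WATCHED_VERBS:
            status = rec["sc-status"] + "." + rec.get("sc-substatus", "0")
            served = rec["sc-status"].startswith("2")  # True: the verb was not blocked
            verb_hits.append((rec["c-ip"], rec["cs-method"], status, served))
    window = timedelta(seconds=window_seconds)
    bursty = []
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        start = 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= burst:
                bursty.append(ip)
                break
    return {"verb_hits": verb_hits, "bursty_clients": sorted(bursty)}


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for hit in report["verb_hits"]:
        print("watched verb:", hit)
    print("bursty clients:", report["bursty_clients"])
```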

Use the Security Configuration Wizard (SCW) and the Security Compliance Manager (SCM)

Both of these Microsoft tools can be used to test your IIS security. The Security Configuration Wizard (SCW) runs different checks and provides advice and recommendations on how to boost your server’s security. The Security Compliance Manager (SCM) tool performs security tests on your server and compares server configurations to predefined templates as per industry best practices and security guide recommendations.

Updates

Finally, ensure that you keep up to date with the latest updates and security patches. It is interesting how often this basic security requirement is missed. The majority of hacks affecting the web server occur on unpatched servers. This just demonstrates how important it is to always keep your IIS web server up to date.

 



IIS 8.0 Hosting Germany - HostForLIFE.eu :: How To Access A Folder With No Default Document

October 31, 2015 01:02 by author Rebecca

In this post, I will tell you how to access a folder with no default document in IIS. It's easy, just follow these steps:

Step 1

Create a folder called Original-IIS-Files

Step 2

Move all the files into folder Original-IIS-Files

Step 3

Navigate to your web server. By default, the Web Server will render the following message when the folder has no default documents.

And you're done! Simple, right?


 



IIS 8.0 Hosting France - HostForLIFE.eu :: How to Configure DNS Record for Sub Domain

clock October 16, 2015 11:34 by author Rebecca

In this article, I will tell you how to configure a DNS record for a subdomain.

Step 1

Open your domain control panel then go to DNS manager.

Step 2

Add the following A records, which point to the IIS server IP address:

domain.com  IN A XXX.XXX.XXX.XXX
www.domain.com  IN A XXX.XXX.XXX.XXX
service.domain.com IN A XXX.XXX.XXX.XXX

The first two rows ensure that whenever a user browses domain.com or www.domain.com, the request is routed to the IIS server; IIS takes care of the rest and serves the public site. The third row is important for the next step.

Step 3

Now add the following wildcard CNAME record:

*.domain.com  IN CNAME service.domain.com

The wildcard entry above ensures that any subdomain request for domain.com is routed to the server that service.domain.com points to.

In the IIS setup, edit the website binding to include domain.com and www.domain.com as host headers. This tells IIS that any request for domain.com or www.domain.com is handled by this particular website, so whenever a user browses domain.com or www.domain.com, the public website is served without any problem.

For a subdomain, however, the browser shows the error “The connection was reset”, because IIS does not find a host header entry for the requested domain in any website. You therefore need to add a host header entry to the service.domain.com website created in the IIS setup, because service.domain.com is the actual website that serves the hosted service application when it is browsed from a subdomain. Use the following code to add a host header entry programmatically in IIS:

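using System;
using System.DirectoryServices;   // requires a reference to System.DirectoryServices.dll

// Note: the IIS:// ADSI provider used here needs the "IIS 6 Metabase Compatibility"
// feature installed on IIS 7 and later.

// Returns the ID of the site whose description (ServerComment) matches websiteName,
// or "-1" when no site matches.
private string GetWebSiteId(string serverName, string websiteName)
{
    string result = "-1";

    using (DirectoryEntry w3svc = new DirectoryEntry(string.Format("IIS://{0}/w3svc", serverName)))
    {
        foreach (DirectoryEntry site in w3svc.Children)
        {
            if (site.Properties["ServerComment"] != null &&
                site.Properties["ServerComment"].Value != null)
            {
                // Case-insensitive comparison of the site description
                if (string.Compare(site.Properties["ServerComment"].Value.ToString(),
                                   websiteName, true) == 0)
                {
                    result = site.Name;
                    break;
                }
            }
        }
    }

    return result;
}

// Adds a host header binding in the form "IP:port:hostname" to the given site.
private void AddHostHeader(string hostHeader, string websiteID)
{
    // GetWebSiteId returns "-1" when the site was not found
    if (websiteID == "-1")
        throw new ArgumentException("Website not found", "websiteID");

    using (DirectoryEntry site = new DirectoryEntry("IIS://localhost/w3svc/" + websiteID))
    {
        PropertyValueCollection serverBindings = site.Properties["ServerBindings"];

        // Do not add the same binding twice
        if (serverBindings.Contains(hostHeader))
            return;

        serverBindings.Add(hostHeader);

        Object[] newList = new Object[serverBindings.Count];
        serverBindings.CopyTo(newList, 0);

        site.Properties["ServerBindings"].Value = newList;
        site.CommitChanges();
    }
}

// Usage (call from inside a method of the same class):
AddHostHeader("127.0.0.1:80:user1.domain.com", GetWebSiteId("localhost", "service.domain.com"));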
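Because the wildcard CNAME sends every subdomain to the server, the host header binding decides which names the site answers for, so a subdomain label that comes from user input should be validated before it is passed to AddHostHeader. The following is an added example, not code from the original post; the BindingBuilder class, its method names and the reserved-label list are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using System.Text.RegularExpressions;

// Hypothetical helper (not part of the original post): builds an IIS
// "IP:port:hostname" binding string only from validated parts.
public static class BindingBuilder
{
    // One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
    private static readonly Regex Label =
        new Regex(@"\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z", RegexOptions.CultureInvariant);

    // Labels that already have their own DNS records or bindings (assumed list).
    private static readonly HashSet<string> Reserved =
        new HashSet<string> { "www", "service" };

    public static bool TryBuild(string ip, int port, string label,
                                string parentDomain, out string binding)
    {
        binding = null;
        if (label == null || parentDomain == null) return false;
        label = label.Trim().ToLowerInvariant();

        IPAddress parsed;
        if (!IPAddress.TryParse(ip, out parsed)) return false;            // must be a literal IP
        if (parsed.AddressFamily != AddressFamily.InterNetwork) return false; // IPv4 only here
        if (port < 1 || port > 65535) return false;
        if (!Label.IsMatch(label)) return false;   // rejects dots, colons, spaces, empty input
        if (Reserved.Contains(label)) return false;

        binding = string.Format("{0}:{1}:{2}.{3}", parsed, port, label, parentDomain);
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] labels = { "user1", "User2", "www", "a.b", "x:80:other.example", "-bad" };
        foreach (string l in labels)
        {
            string b;
            Console.WriteLine(TryBuild("127.0.0.1", 80, l, "domain.com", out b)
                ? "ok      " + b
                : "reject  " + l);
        }
    }
}
```

Only "user1" and "User2" produce a binding (the latter lower-cased); the reserved, dotted, colon-containing and hyphen-led labels are rejected before anything is written to the IIS configuration.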




IIS 8.0 Hosting Ukraine - HostForLIFE.eu :: How to Configure ASP.NET Application on IIS

clock October 13, 2015 12:46 by author Rebecca

In this article, I'm going to explain how to set up Windows Authentication for an ASP.NET application in IIS. To have Windows authenticate the application's users, you need to make changes in web.config as well as in IIS Manager.

Configuring Windows Authentication

<system.web>
   <authentication mode="Windows"/>
</system.web>

1. Start Internet Information Services (IIS).
2. Right-click your application’s virtual directory, and then click Properties.
3. Click the Directory Security tab.
4. Under Anonymous access and authentication control, click Edit.
5. Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.

If the Anonymous access check box is selected, the application will not receive the user's Windows login ID, e.g. from string windowsLogin = Page.User.Identity.Name;

Now your application will use Windows authentication.

Here is the example code:

protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        // Start
        if (Session["EmployeeCode"] == null)
        {
            // With Windows authentication the name is reported as DOMAIN\username
            string windowsLogin = Page.User.Identity.Name;

            // Check whether the user is valid against the database.
            // A hard-coded value stands in for that lookup here.
            if (windowsLogin == "ValidUser")
            {
                // Placeholder: use the employee code returned by the database lookup
                string userId = windowsLogin;
                Session["EmployeeCode"] = userId;
            }
            else
            {
                Session.Abandon();
                Response.Redirect("InvalidUser.aspx", false);
            }
        }
        // End
    }
    catch (Exception)
    {
        // Handle the exception here
        throw;
    }
}

It's done! You get the user from the Windows credentials and check it against the existing users in the database. If the user is valid, the request goes ahead; otherwise the user is redirected to the invalid-user page.
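When Anonymous access is left enabled, the identity that reaches the page is unauthenticated, so a check like the one in Page_Load should test IsAuthenticated before trusting the name. The following is an added example, not code from the original post; the WindowsLoginCheck class, the allow-list and the sample account names are assumptions, and GenericIdentity stands in for the identity IIS would supply so the code runs outside IIS.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper (not part of the original post).
public static class WindowsLoginCheck
{
    // Returns true, and the allow-list spelling of the account, only for an
    // authenticated identity that appears in the allow-list.
    public static bool TryGetAllowedLogin(IPrincipal user, IEnumerable<string> allowed,
                                          out string login)
    {
        login = null;
        if (user == null || user.Identity == null) return false;
        IIdentity id = user.Identity;

        // Anonymous requests arrive with IsAuthenticated == false and an empty Name.
        if (!id.IsAuthenticated || string.IsNullOrEmpty(id.Name)) return false;

        // Integrated Windows authentication typically reports one of these types.
        string type = id.AuthenticationType ?? "";
        if (type != "Negotiate" && type != "NTLM" && type != "Kerberos") return false;

        // Windows account names are case-insensitive.
        foreach (string a in allowed)
        {
            if (string.Equals(a, id.Name, StringComparison.OrdinalIgnoreCase))
            { login = a; return true; }
        }
        return false;
    }

    public static void Main()
    {
        // Constructed allow-list and identities.
        string[] allowed = { @"CORP\alice" };
        var cases = new IPrincipal[]
        {
            new GenericPrincipal(new GenericIdentity(@"corp\Alice", "Negotiate"), null),
            new GenericPrincipal(new GenericIdentity(@"CORP\bob", "NTLM"), null),
            new GenericPrincipal(new GenericIdentity(""), null),   // anonymous
            new GenericPrincipal(new GenericIdentity(@"CORP\alice", "Forms"), null),
        };
        foreach (IPrincipal p in cases)
        {
            string login;
            bool ok = TryGetAllowedLogin(p, allowed, out login);
            Console.WriteLine("{0,-12} -> {1}", p.Identity.Name, ok ? "allow " + login : "deny");
        }
    }
}
```

Only the first identity is allowed; the unlisted account, the anonymous identity and the identity that did not come from Windows authentication are all denied.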



