IIS 7.5 and IIS 8.0 European Hosting

BLOG about IIS 7.5 Hosting, IIS 8.0 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

IIS 8 Hosting - HostForLIFE.eu :: Using PHP runtime with IIS

clock January 6, 2015 06:23 by author Peter

In this post, I will tell you about using the PHP Runtime with IIS 8. First step you must do is download PHP. Download the "Non Thread Safe" distributive from the download page of the PHP Web webpage and install it utilizing the installer. On the off chance that you utilize a x86 server you may download an older version of PHP, yet in the event that you utilize a x64 server you can utilize just PHP 5.5.

Arrange IIS to run PHP using the accompanying guideline:
Verify that you Don’t select the "Webdav Publishing" part amid design.

Enable SSL and SOAP in PHP
Open the php.ini file in the folder where you have installed PHP.
Find and uncomment the lines below:
extension_dir = "ext"

Install "URL Rewrite"
Install the "URL Rewrite" Module from IIS Application Gallery on the off chance that you utilize IIS 8 or IIS 8.5 or download and install it physically from http://www.iis.net/downloads/microsoft/url-rewrite

Make endpoint

  • Make an endpoint and design URL mapping for every APS Application API.
  • Make a site on IIS which indicates the organizer where the endpoint's records are spotted.
  • Arrange redirection for every APS administration to the relating PHP script.

You may utilize the accompanying sample of Web.config which demonstrates to design the redirection from administration Urls "/applications" and "/associations" to "applications.php" and "organizations.php" respectively:
<?xml version="1.0" encoding="UTF-8"?>
                <rule name="APS Application API" stopProcessing="true">
                    <match url="([_0-9a-zA-Z\-]+)(.*)" />
                    <conditions logicalGrouping="MatchAny">
                        <add input="{R:1}" pattern="^applications$" />
                        <add input="{R:1}" pattern="^organizations$" />
                    <action type="Rewrite" url="{R:1}.php{R:2}" logRewrittenUrl="true" />

IIS 8.0 Hosting UK - HostForLIFE.eu :: Disable Client Certificate Revocation (CRL) Checking in IIS 8

clock December 17, 2014 05:20 by author Peter

At this post, I will explain you how to disable Client Certificate Revocation (CRL) Checking in IIS 8. The Public Key Infrastructure (PKI) is an important because certificates are used in so many scenarios when testing Microsoft products and technologies. And one of the trickiest parts of PKI is availability of the Certificate Revocation List (CRL). That is because some solutions require a successful CRL check and some don’t. The problem is that Microsoft documentation doesn’t always make it clear which is the case for a particular scenario, so you end up having to guess whether it is required or not (or worse, going through the entire configuration process and finding that it doesn’t work).

When performing on a system with no internet access it's vital to confirm that CRL checking is disabled. If not disabled you'll always receive a 403.13 error once coming.

And here is the code to Show All Binding and Their Verify Client Certificate Revocation Setting:
netsh http show sslcert

Code for Delete SNI Binding:
netsh http delete sslcert hostnameport=www.yourwebsite.com:443

This is code for Add SNI Binding:
netsh http add sslcert hostnameport=www.yourwebsite.com:443 certhash=78dd6cc2bf5785a123654d1d789c530fcb5687c2 appid={3cc2a456-a78c-2cc9-bcc9-782bc83bb789} certstorename=My verifyclientcertrevocation=disable

Hope this tutorial works for you!

IIS 8.0 Hosting Belgium - HostForLIFE.eu :: Got an Issue on PowerShell AppPool Assignment

clock December 10, 2014 07:13 by author Peter

The WebAdministration module has a Function called IIS :. It basically acts as a drive letter or an uri protocol. The extremely convenient and makes accessing appPool, site info, and ssl bindings simple. I recently noticed 2 issues with assigning values with the IIS : protocol as well as objects and that is works along with :

StartMode Can’t Be Set Directly
For a few cause, utilizing Set-ItemProperty to line the startMode value directly throws an error. However, in case you retrieve the appPool into your variable and established the value using an = operator, every thing works good.

# https://connect.microsoft.com/PowerShell/feedbackdetail/view/1023778/webadministration-apppool-startmode-cant-be-set-directly
ipmo webadministration 
New-WebAppPool "delete.me" 
Set-ItemProperty IIS:\AppPools\delete.me startMode "AlwaysRunning" # throws an error 
$a = Get-Item IIS:\AppPools\delete.me
$a.startMode = "AlwaysRunning"
Set-Item IIS:\AppPools\delete.me $a # works

Here is the error that gets thrown:
Set-ItemProperty : AlwaysRunning is not a valid value for Int32.
At C:\Issue-PowershellThrowsErrorOnAppPoolStartMode.ps1:6 char:1
+ Set-ItemProperty IIS:\AppPools\delete.me startMode "AlwaysRunning" # throws an e ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-ItemProperty], Exception
    + FullyQualifiedErrorId :

CPU’s resetLimit Can’t Immediately Use New-TimeSpan’s Result
I believe the example can show the trouble much better than I will describe it :
# https://connect.microsoft.com/PowerShell/feedbackdetail/view/1023785/webadministration-apppools-cpu-limit-interval-resetlimit-cant-be-set-directly
ipmo webadministration 
New-WebAppPool "delete.me" 
$a = Get-ItemProperty IIS:\AppPools\delete.me cpu
$a.resetInterval = New-TimeSpan -Minutes 4 # this will throw an error
Set-ItemProperty IIS:\AppPools\delete.me cpu $a 
$a = Get-ItemProperty IIS:\AppPools\delete.me cpu
$k = New-TimeSpan -Minutes 4 # this will work
$a.resetInterval = $k
Set-ItemProperty IIS:\AppPools\delete.me cpu $a

And Here is the error that gets thrown:
Set-ItemProperty : Specified cast is not valid.
At C:\Issue-PowershellThrowsErrorOnCpuLimitReset.ps1:8 char:1
+ Set-ItemProperty IIS:\AppPools\delete.me cpu $a
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-ItemProperty], InvalidCastException
    + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

The links on every section correspond with bug reports for the problems, thus hopefully they can get looked into.

IIS 8.0 Hosting UK - HostForLIFE.eu :: How To Eliminate Unnecessary HTTP Headers in IIS 7.5 or 8.0 ?

clock December 4, 2014 06:50 by author Peter

IIS loves to inform the world that the web site runs on IIS, it does so using the Server response header as shown beneath. During this article I’ll show you how you can rewrite and eliminate unwanted response headers in IIS, as a result of we don’t need to provide hackers a lot of info concerning our servers.

The response of a standard HTTP HEAD appearance such as:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:05:34 GMT
Connection: close

And right listed below IIS shows the version info by using the Server response header. As using the ETag header, you are able to rewrite and empty this Server response header along with an IIS URL Rewrite outboundRule:
  <outboundRules rewriteBeforeCache="true">
    <rule name="Remove Server header">
      <match serverVariable="RESPONSE_Server" pattern=".+" />
      <action type="Rewrite" value="" />

The outboundRule looks for Server inside the output response stream and rewrites the value along with nothing. The end result is an empty Server response header line:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:06:08 GMT
Connection: close

Rewrite Server : Microsoft-IIS/8. 0 with your personal information
The enjoyable section of rewriting response headers is that you may show your own string, for instance giving in an value inside the Rewrite action, which message is displayed:
<action type="Rewrite" value="europeanwindowshosting" />

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Saotn Server Software systems, LTD.
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 11:19:16 GMT
Connection: close

Eliminate X-Powered-By header in IIS utilizing customHeaders
By default IIS tells the world it’s powered by ASP. NET, by putting an X-Powered-By header:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: ASP.NET
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:07:37 GMT
Connection: close

This response header could be removed having a customHeaders setting in web. config, placed inside the node:
    <remove name="X-Powered-By" />

Currently the X-Powered-By header is removed from the response header output:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:10:02 GMT
Connection: close

X-AspNet-Version HTTP header
The X-AspNet-Version HTTP Header broadcasts to the world what version of ASP.NET has been used. Add the listed content inside node with your application’s web. config file:
<httpRuntime enableVersionHeader="false" />

Eliminate HTTP headers in global.asax
ASP.NET programmers can also eliminate or change server HTTP response headers through a global.asax file With your global.asax.cs add this :
protected void Application_PreSendRequestHeaders()
  // Response.Headers.Remove("Server");
 Response.Headers.Set("Server","My httpd server");

IIS 8 Hosting UK - HostForLIFE.eu :: How to use FTP User Isolation in IIS 8?

clock December 3, 2014 05:09 by author Peter

When IIS 7 was released the FTP service were totally redesigned from the bottom up along with security on your mind. This was a welcome change indeed from IIS 6. Along with supporting FTP more than SSL it introduced FTP User Isolation.

Multiple users on a similar FTP website could possibly be separated no matter that file path they had been becoming logged into without risk of somebody traversing up parent paths with other user folders.

The FTP Authorization guidelines cause it to be simple to determine multiple users or perhaps local groups to get access to the FTP server. The user isolation is achieved by making a virtual directory referred to as LocalUser then selecting User name directory (disable global virtual directories). The LocalUser virtual directory ought to purpose towards the FTP root directory then you build a separate virtual directory for every FTP user that points to their destination path.

Along with FTP User Isolation configured your users can never have the ability to transfer up as much as a parent path beyond their individual root directory. Even if a user were able to accurately guess the username and virtual path of another FTP account upon the server they won't have the ability to achieve it. Because of the confines from the isolation the FTP session can not notice anything upon the server. In the illustration down below I login along with local account ftpuser2 and plan to change the path to/ftpuser1 but that path doesn't exist and hence isn't accessible to my user.

IIS 8 on Windows Server 2012 provides the foremost secure FTP service of any IIS version to day. You've multiple layers of FTP security accessible by leveraging FTP Logon Attempt Restrictions, FTP Over SSL, and FTP User Isolation. Your FTP server will certainly be nicely protected using these built-in modules. Along with internet security there isn't any ‘patch’ for complacence. A lot of security is usually much better so implement it when it’s readily accessible for you.

IIS 8.0 Hosting UK – HostForLIFE.eu :: How to Enable Compression for HTTP 1.0 Request ?

clock November 20, 2014 06:45 by author Peter

Recently I'd been a web hosting in this blog. Throughout the integration I found which default IIS 8.0 configuration don't compress static source when requested along with HTTP 1. 0. Thus in this quick & brief article we'll notice how you can enable static source compression for HTTP 1. 0 request in IIS.

So I made a decision to look into IIS 8.0 log and I found that uses HTTP 1. 0 to request custom origin server.

I didn't anticipated HTTP 1. 0 request here thus once again I requested origin server along with HTTP 1. 0 using fiddler and also as a surprise IIS returned un-compressed response. In IIS by default compression for HTTP 1. 0 request is disabled. We have to explicitly enable compression for HTTP 1. 0 request. To Allow compression for HTTP 1. 0 request we have to alter web. config as beneath.

<httpCompression noCompressionForHttp10="false" noCompressionForProxies="false">

When changing web. config as above, IIS started to server compressed response for HTTP 1. 0. Hope this quick and brief publish could be useful !

IIS 8.0 Hosting with France Data Center - HostForLIFE.eu :: Dynamic IP Address & Domains Restrictions on IIS 8.0

clock November 19, 2014 05:17 by author Peter

Just before IIS 8. 0, server administrators may permit or deny accessibility for particular IP address or range of IP addresses. Other then still acquiring IP address that trigger mass attack was tedious process for server administrator because it involve analyzing IIS 8 log periodically and manually add it to deny record whether it found new IP address.

An answer to above issue is instead of blocking IP based mostly on addresses, we must block IP primarily based on it is activity. For example, maximum no of concurrent request, total no of request in excess of a time period, and many others. Sure this really is wherever IIS 8. 0 and Dynamic IP Addresses & Domains Restrictions are available in picture. Dynamic IP Addresses & Domains Restrictions attribute of IIS 8. 0 allow administrators to block IP based mostly on it is activity.

Blocking access based mostly on no of requests in IIS 8
First, Open up IIS manager and navigate to web page for that you desire to configure and click on IP Address and Domain Restrictions function.

Next step, click Edit Dynamic Restriction Settings... link in action pane as shown on the picture below.

Select on it will open up the dialog box that permits you to configure dynamic IP blocking. There will be 2 choices to block IP based mostly on his activity.

Maximum no of concurrent requests
This setting ensures that in case concurrent requests of any IP address exceed than configured limit then IIS won't serve which ask for and it'll deny.

Maximum no of requests more than a period of time
This setting ensures that in case any IP address sends additional requests than authorized limit among specified time then IIS won't serve which ask for and it'll deny. For e. g. as shown in above image in the event any IP can deliver greater than 20 requests among 200 milliseconds then IIS can deny to serve request.

Response behavior when denying requests
To configure response behavior when denying any requests in IIS 8, click on Edit Feature Settings... link in action pane on right side bar.

In beneath image we will notice available deny action type while denying any requests. These are generally Unauthorized, Forbidden, Not Found, and Abort. Based mostly for this settings IIS can deliver response along with respective HTTP status code.

Dynamic IP restrictions and Proxy
Many clients are accessing web sites through a number of proxy server ; during this case it might happen IIS might obtain same IP altogether requests though it is asked for by totally different client. To address this condition, we will configure IIS 8 to examine x-forwarded-for HTTP header. To allow this just check Enable Proxy Mode checkbox as displayed in subsequent image.

Thus in nutshell, we will claim that Dynamic IP address and domain restrictions feature of IIS 8 adds security improvements towards the web site by blocking mass requests from one client.

About HostForLIFE.eu

HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

We have offered the latest Windows 2012 Hosting, ASP.NET 4.5 Hosting, ASP.NET MVC 5 Hosting, and SQL 2014 Hosting.

Tag cloud

Sign in