IIS 7.5 and IIS 8.0 European Hosting

BLOG about IIS 7.5 Hosting, IIS 8.0 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

IIS 8 Hosting - HostForLIFE.eu :: Using PHP runtime with IIS

clock January 6, 2015 06:23 by author Peter

In this post, I will tell you about using the PHP Runtime with IIS 8. First step you must do is download PHP. Download the "Non Thread Safe" distributive from the download page of the PHP Web webpage and install it utilizing the installer. On the off chance that you utilize a x86 server you may download an older version of PHP, yet in the event that you utilize a x64 server you can utilize just PHP 5.5.

Arrange IIS to run PHP using the accompanying guideline:
Verify that you Don’t select the "Webdav Publishing" part amid design.

Enable SSL and SOAP in PHP
Open the php.ini file in the folder where you have installed PHP.
Find and uncomment the lines below:
extension_dir = "ext"
extension=php_soap.dll
extension=php_openssl.dll

Install "URL Rewrite"
Install the "URL Rewrite" Module from IIS Application Gallery on the off chance that you utilize IIS 8 or IIS 8.5 or download and install it physically from http://www.iis.net/downloads/microsoft/url-rewrite

Make endpoint

  • Make an endpoint and design URL mapping for every APS Application API.
  • Make a site on IIS which indicates the organizer where the endpoint's records are spotted.
  • Arrange redirection for every APS administration to the relating PHP script.

You may utilize the accompanying sample of Web.config which demonstrates to design the redirection from administration Urls "/applications" and "/associations" to "applications.php" and "organizations.php" respectively:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
       <rewrite>
           <rules>
                <rule name="APS Application API" stopProcessing="true">
                    <match url="([_0-9a-zA-Z\-]+)(.*)" />
                    <conditions logicalGrouping="MatchAny">
                        <add input="{R:1}" pattern="^applications$" />
                        <add input="{R:1}" pattern="^organizations$" />
                   </conditions>
                    <action type="Rewrite" url="{R:1}.php{R:2}" logRewrittenUrl="true" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>



IIS 8.0 Hosting UK - HostForLIFE.eu :: Disable Client Certificate Revocation (CRL) Checking in IIS 8

clock December 17, 2014 05:20 by author Peter

At this post, I will explain you how to disable Client Certificate Revocation (CRL) Checking in IIS 8. The Public Key Infrastructure (PKI) is an important because certificates are used in so many scenarios when testing Microsoft products and technologies. And one of the trickiest parts of PKI is availability of the Certificate Revocation List (CRL). That is because some solutions require a successful CRL check and some don’t. The problem is that Microsoft documentation doesn’t always make it clear which is the case for a particular scenario, so you end up having to guess whether it is required or not (or worse, going through the entire configuration process and finding that it doesn’t work).

When performing on a system with no internet access it's vital to confirm that CRL checking is disabled. If not disabled you'll always receive a 403.13 error once coming.

And here is the code to Show All Binding and Their Verify Client Certificate Revocation Setting:
netsh http show sslcert

Code for Delete SNI Binding:
netsh http delete sslcert hostnameport=www.yourwebsite.com:443

This is code for Add SNI Binding:
netsh http add sslcert hostnameport=www.yourwebsite.com:443 certhash=78dd6cc2bf5785a123654d1d789c530fcb5687c2 appid={3cc2a456-a78c-2cc9-bcc9-782bc83bb789} certstorename=My verifyclientcertrevocation=disable

Hope this tutorial works for you!



IIS 8.0 Hosting Belgium - HostForLIFE.eu :: Got an Issue on PowerShell AppPool Assignment

clock December 10, 2014 07:13 by author Peter

The WebAdministration module has a Function called IIS :. It basically acts as a drive letter or an uri protocol. The extremely convenient and makes accessing appPool, site info, and ssl bindings simple. I recently noticed 2 issues with assigning values with the IIS : protocol as well as objects and that is works along with :

StartMode Can’t Be Set Directly
For a few cause, utilizing Set-ItemProperty to line the startMode value directly throws an error. However, in case you retrieve the appPool into your variable and established the value using an = operator, every thing works good.

# https://connect.microsoft.com/PowerShell/feedbackdetail/view/1023778/webadministration-apppool-startmode-cant-be-set-directly
ipmo webadministration 
New-WebAppPool "delete.me" 
Set-ItemProperty IIS:\AppPools\delete.me startMode "AlwaysRunning" # throws an error 
$a = Get-Item IIS:\AppPools\delete.me
$a.startMode = "AlwaysRunning"
Set-Item IIS:\AppPools\delete.me $a # works

Here is the error that gets thrown:
Set-ItemProperty : AlwaysRunning is not a valid value for Int32.
At C:\Issue-PowershellThrowsErrorOnAppPoolStartMode.ps1:6 char:1
+ Set-ItemProperty IIS:\AppPools\delete.me startMode "AlwaysRunning" # throws an e ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-ItemProperty], Exception
    + FullyQualifiedErrorId :
System.Exception,Microsoft.PowerShell.Commands.SetItemPropertyCommand


CPU’s resetLimit Can’t Immediately Use New-TimeSpan’s Result
I believe the example can show the trouble much better than I will describe it :
# https://connect.microsoft.com/PowerShell/feedbackdetail/view/1023785/webadministration-apppools-cpu-limit-interval-resetlimit-cant-be-set-directly
ipmo webadministration 
New-WebAppPool "delete.me" 
$a = Get-ItemProperty IIS:\AppPools\delete.me cpu
$a.resetInterval = New-TimeSpan -Minutes 4 # this will throw an error
Set-ItemProperty IIS:\AppPools\delete.me cpu $a 
$a = Get-ItemProperty IIS:\AppPools\delete.me cpu
$k = New-TimeSpan -Minutes 4 # this will work
$a.resetInterval = $k
Set-ItemProperty IIS:\AppPools\delete.me cpu $a

And Here is the error that gets thrown:
Set-ItemProperty : Specified cast is not valid.
At C:\Issue-PowershellThrowsErrorOnCpuLimitReset.ps1:8 char:1
+ Set-ItemProperty IIS:\AppPools\delete.me cpu $a
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-ItemProperty], InvalidCastException
    + FullyQualifiedErrorId : System.InvalidCastException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

The links on every section correspond with bug reports for the problems, thus hopefully they can get looked into.



IIS 8.0 Hosting UK - HostForLIFE.eu :: How To Eliminate Unnecessary HTTP Headers in IIS 7.5 or 8.0 ?

clock December 4, 2014 06:50 by author Peter

IIS loves to inform the world that the web site runs on IIS, it does so using the Server response header as shown beneath. During this article I’ll show you how you can rewrite and eliminate unwanted response headers in IIS, as a result of we don’t need to provide hackers a lot of info concerning our servers.

The response of a standard HTTP HEAD appearance such as:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:05:34 GMT
Connection: close

And right listed below IIS shows the version info by using the Server response header. As using the ETag header, you are able to rewrite and empty this Server response header along with an IIS URL Rewrite outboundRule:
<rewrite>           
  <outboundRules rewriteBeforeCache="true">
    <rule name="Remove Server header">
      <match serverVariable="RESPONSE_Server" pattern=".+" />
      <action type="Rewrite" value="" />
    </rule>
  </outboundRules>
</rewrite>

The outboundRule looks for Server inside the output response stream and rewrites the value along with nothing. The end result is an empty Server response header line:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server:
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:06:08 GMT
Connection: close


Rewrite Server : Microsoft-IIS/8. 0 with your personal information
The enjoyable section of rewriting response headers is that you may show your own string, for instance giving in an value inside the Rewrite action, which message is displayed:
<action type="Rewrite" value="europeanwindowshosting" />

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Saotn Server Software systems, LTD.
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 11:19:16 GMT
Connection: close

Eliminate X-Powered-By header in IIS utilizing customHeaders
By default IIS tells the world it’s powered by ASP. NET, by putting an X-Powered-By header:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server:
X-Powered-By: ASP.NET
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:07:37 GMT
Connection: close


This response header could be removed having a customHeaders setting in web. config, placed inside the node:
<httpProtocol>
  <customHeaders>
    <remove name="X-Powered-By" />
  </customHeaders>
</httpProtocol>


Currently the X-Powered-By header is removed from the response header output:
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server:
X-UA-Compatible: IE=Edge,chrome=1
Date: Thu, 04 Dec 2014 10:10:02 GMT
Connection: close

X-AspNet-Version HTTP header
The X-AspNet-Version HTTP Header broadcasts to the world what version of ASP.NET has been used. Add the listed content inside node with your application’s web. config file:
<httpRuntime enableVersionHeader="false" />

Eliminate HTTP headers in global.asax
ASP.NET programmers can also eliminate or change server HTTP response headers through a global.asax file With your global.asax.cs add this :
protected void Application_PreSendRequestHeaders()
{
  // Response.Headers.Remove("Server");
 Response.Headers.Set("Server","My httpd server");
  Response.Headers.Remove("X-AspNet-Version");
  Response.Headers.Remove("X-AspNetMvc-Version");
}



IIS 8 Hosting UK - HostForLIFE.eu :: How to use FTP User Isolation in IIS 8?

clock December 3, 2014 05:09 by author Peter

When IIS 7 was released the FTP service were totally redesigned from the bottom up along with security on your mind. This was a welcome change indeed from IIS 6. Along with supporting FTP more than SSL it introduced FTP User Isolation.

Multiple users on a similar FTP website could possibly be separated no matter that file path they had been becoming logged into without risk of somebody traversing up parent paths with other user folders.

The FTP Authorization guidelines cause it to be simple to determine multiple users or perhaps local groups to get access to the FTP server. The user isolation is achieved by making a virtual directory referred to as LocalUser then selecting User name directory (disable global virtual directories). The LocalUser virtual directory ought to purpose towards the FTP root directory then you build a separate virtual directory for every FTP user that points to their destination path.

Along with FTP User Isolation configured your users can never have the ability to transfer up as much as a parent path beyond their individual root directory. Even if a user were able to accurately guess the username and virtual path of another FTP account upon the server they won't have the ability to achieve it. Because of the confines from the isolation the FTP session can not notice anything upon the server. In the illustration down below I login along with local account ftpuser2 and plan to change the path to/ftpuser1 but that path doesn't exist and hence isn't accessible to my user.

Conclusion
IIS 8 on Windows Server 2012 provides the foremost secure FTP service of any IIS version to day. You've multiple layers of FTP security accessible by leveraging FTP Logon Attempt Restrictions, FTP Over SSL, and FTP User Isolation. Your FTP server will certainly be nicely protected using these built-in modules. Along with internet security there isn't any ‘patch’ for complacence. A lot of security is usually much better so implement it when it’s readily accessible for you.



About HostForLIFE.eu

HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

We have offered the latest Windows 2012 Hosting, ASP.NET 4.5 Hosting, ASP.NET MVC 5 Hosting, and SQL 2014 Hosting.

Tag cloud

Sign in