IIS 7.5 and IIS 8.0 European Hosting

BLOG about IIS 7.5 Hosting, IIS 8.0 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

European IIS 10 Hosting - HostForLIFE.eu :: How to Enable HTTP Strict-Transport-Security (HSTS) on IIS?

clock November 8, 2018 11:23 by author Peter

In this article, we will only show simple tutorial about how to enable and serve HTTP Strict Transport Security (HSTS) response header in IIS.

Definition HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which is necessary to protect secure HTTPS websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking.

HSTS improves security and prevents man-in-the-middle attacks, downgrade attacks, and cookie-hijacking.

It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named Strict-Transport-Security. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion.

Therefore, adding a HSTS header is important after you’ve added SSL to your WordPress website, so browsers automatically request your HTTPS address.

All you need to add to your web.configconfiguration file is an Outbound Rule, to rewrite request responses and sending the HTTP Strict Transport Security response header:

<outboundRules>
  <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
    <conditions>
      <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    </conditions>
    <action type="Rewrite" value="max-age=31536000" />
  </rule>
</outboundRules>

HSTS and includeSubdomains #

Do you have your SSL (TLS) certificate on your www. subdomain? Then you need to include it using includeSubdomains. The outboundRules rule then becomes:

<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
  <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
  <conditions>
    <add input="{HTTPS}" pattern="on" ignoreCase="true" />
  </conditions>
  <action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" />
</rule>

HSTS header in WordPress functions.php #

You can set a HSTS header through your functions.php theme file as well. For this to happen, you can hook into the send_headers action.

Use the following code in your functions.php to send a HSTS header:

<?php
add_action( 'send_headers', 'saotn_add_hsts_header' );
function saotn_add_hsts_header() {
  header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' );
}



European IIS 10 Hosting - HostForLIFE.eu :: Briefly Unavailable For Scheduled Maintenance. Check Back In A Minute

clock October 12, 2018 11:22 by author Peter

In this post, we will see how we can get rid of the error “Briefly unavailable for scheduled maintenance. Check back in a minute,” in WordPress. If you are working with WordPress, or your blog or website is made in WordPress, you may face this kind of issue whenever you are updating any plugins or updating the WordPress core. But sometimes, what happens is that even after the update process is finished, your site remains in maintenance mode. Here, I am going to share with you a quick fix, so that you can fix this issue. I hope you will like this.

Background
I always prefer to update my WordPress core and the plugins whenever there is an update. So, I faced the following issue so many times. “Briefly unavailable for scheduled maintenance. Check back in a minute.” 

So, I thought of sharing a quick fix with you for the same.







Here are the steps to remove the error," Briefly unavailable for scheduled maintenance. Check back in a minute".

Step 1: Go to your File Explorer


Step 2: Go to your ftp folder
You can either go to your ftp folder via file explorer or by using an ftp client, like FileZilla.


Step 3: Find the .maintenance file and delete
Check for the .maintenance file in the root folder and delete it.



Now, if you refresh your WordPress site, it will be running fine. Hope it helps.

Conclusion

Did I miss anything that you may think is needed? Did you find this post useful? I hope you liked this article. Please share your valuable suggestions and feedback with me.

Your turn. What do you think?

A blog isn’t a blog without comments. So, comment on it but try to stay on topic. If you have a question unrelated to this post, you’re better off posting it on C# Corner, Code Project, Stack Overflow, Asp.Net Forum instead of commenting here. Tweet or email me a link to your question there and I’ll definitely try to help if I can.



European IIS 10 Hosting - HostForLIFE.eu :: Server And Service Health Check And IP Capture For Bulk Servers

clock October 4, 2018 12:11 by author Peter

This Script will help in checking the below basic functionalities of the Bulk Servers. It will do so during Migration, Patch and Monthly Restart activities
This Script is added with the below functionalities,

  • IP Capture -- >Collects the DNSHostName,Description,DHCPEnabled,IPAddress,IpSubnet,DefaultIPGateway,MACAddress,DNSServerSearchOrder for all Enabled and IP Discovered NICs
  • Services Status -- >It checks all the Services Automatic set and not Stopped services and provides the output.
  • Server Status –- >Checks the Servers reachability and provides the output on screen
  • Server Shutdown/Reboot -- >Checks the server status and perform Bulk Shutdown / Restart at once with Event Description Keyed.

Output Samples

European IIS 10 Hosting



European IIS 10 Hosting - HostForLIFE.eu :: Load Balancing

clock September 26, 2018 11:52 by author Peter

What is Load Balancing ?
Distributing network traffic across multiple servers effectively is called Load Balancing.To meet high volumes, it generally requires adding more servers. Load Balancer routes the client requests to the servers in an optimized way and takes care that no server is overworked. If a new server is added to the group, It will start sending requests to this new server.


Load-Balancing Algorithms
Why did algorithms come into the picture ? Actually Load Balancer selects the server based on two factors,

  • periodically pinging server to check its availability.
  • defined algorithms - based on which load-balancer selects the server.

Algo 1 Least Connection (Default algorithm)
The least connection is the default algorithm to select server. Server which has the least number of active transactions is picked by Load Balancer to handle request. Load Balancer maintains records of transactions for each server. Now discuss this in detail: Let's say all the servers have the same capacity and still some of the servers are overloaded as there may be the situation that the client stayed in those servers for longer duration and connected to other severs for shorter duration. Active connections on the server where client stayed longer will pile up and hence based on the least connection algorithm Load Balancer will route the request in the server with least active connections,

Weighted Least Connections
Now let's consider the above Least Connection algorithm with different server capacities (CPU/RAM etc.). You would definitely want to allocate more requests to the higher capacity server than the lower capacity servers. Weighted Least Connection is the solution.

Let's say there are 2 servers, server 1 and server 2 and server 2 has high configuration.With this algorithm Load balancer will allocate more requests to server 2 to utilize it better. Like Least Connection this also allocates request to the server withthe least number of active connections but the higher configuration server will handle more requests based on the right proportion defined during the Load Balancer setup. Weight proportion is calculated by the server capacity. Server 1 : Capacity X, Server 2 : Capacity : 10X the weight for each server would be 1:10 .


Round Robin
Round Robin is a vastly used and simple algorithm. Load Balancer distributes requests in the cyclic order irrespective of server inefficiencies. There might be the scenario if you don't want to overload any of the servers for some reason, you may use this algorithm to give extra weight to other servers.


Both the Servers are ready to take request, suppose request comes and load-balancer routes to Server 1 then if a second  request comes it will be routed to Server 2. The third and fourth will be routed to Server 1 and 2 respectively in a cyclic order. Even if one of the server has stronger configuration i.e. RAM, CPU etc. As per Round Robin algorithm Load-Balancer will follow the cyclic order.

Algo 4 Weighted Round Robin
Like Round Robin this is also cyclic but the higher configuration server will handle more requests.Rest it is same as Weighted Least connection algorithm i.e. weight would be defined during Load Balancer setup and high weight server will handle more requests.

i.e. if weight proportion to server 1 and server to is 1:10. first 10 requests will go to server and 11th request will go to server 1 and next 10 request will go to server 2 and so on.

Algo 5 IP Hash
This algorithm generates a hash key using client and server IP addresses which means this key would be assigned to client for subsequent requests which assure that the client is routed to the same server that it was using earlier.This algorithm can be used to achieve Session Persistence or Sticky Session.

Session Persistence
In the multiple server environment a user might experience losing cart items during navigation. Persistence session or sticky session is the culprit. As you know Http is a stateless protocol which means in subsequent requests it doesn't maintain any information about the user so to identify server uses client's ip or cookie to track users session. Sticky session is to make sure all the requests goes to the same server which has its user's session tracking information.

Layer 4 & Layer 7 Load Balancing
In Layer 4 Load Balancing , Load balancer decides the server on which it will redirect the requests on the basis of the IP addresses of the origin and destination servers (Network Layer : Layer 3) and the TCP port number of the applications (Transport Layer : Layer 4).

On the other hand Layer 7 Load Balancing decides routing on the basis of OSI Layers 5, 6, and 7 which together makes Http.

 



European IIS 10 Hosting - HostForLIFE.eu :: How To Fix "Unrecognized attribute targetFramework" Error?

clock September 12, 2018 08:50 by author Peter

We may get the following error after publishing a website on IIS.

Parser Error Message
"Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive."

To fix it, we need to follow the below troubleshooting steps.

  1. Check on which .NET version the application is developed. Let's assume, it's .NET 4.0.
  2. Open IIS Manager and find the Application Pool, on which your website is hosted.
  3. Go to that Application Pool and check the .NET version and change it to 4.0 accordingly by clicking on Basic\Advanced Settings.
    If .NET 4.0 is not listed, go ahead and install it.
  4. If it still won't show up, go to command prompt and fire the below command to find a list of ASP.NET versions installed:
    C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis.exe -lv

    In the output, if .NET 4.0 is not listed, register it by firing the below command:
    C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regiis.exe -I.
  5. It should show up as .NET 4.0 in the .NET Framework Version dropdown for the application pool.



European IIS Hosting - HostForLIFE.eu :: IIS - A Worker Process Has Requested A Recycle Issue

clock August 8, 2018 09:43 by author Peter
My website recently experienced an issue where one of the servers was throwing some random error. On investigating, I found the below message in the information of event viewer of that server.

IIS, by default, sets application pool to recycle after an interval of 29 hours ( 1740 minutes ). This can cause issues when using in-memory sessions.
 
To resolve this issue, either remove the automatic recycle or change it to a specific time such as 12 AM, depending on your requirement.
  • Open IIS.
  • Go to Application Pool and select the required application pool. Then, click on Recycling on the right sidebar.

  • Select your required setting and save.
 -------------------------------------------------------------------------------------------------------------------------------------------------------
Important point to note is that Website sessions should be designed to not be dependent on IIS restarts or IIS app pool recycles.
--------------------------------------------------------------------------------------------------------------------------------------------------------
More Information - https://technet.microsoft.com/en-us/library/cc735298(v=ws.10).aspx



European IIS 10 Hosting - HostForLIFE.eu :: Configuring Nano Server For Remote Connections

clock July 25, 2018 11:18 by author Peter

Here, we are going to connect with the Docker engine remotely using PowerShell. For this, we can either use our local machine or a VM. Before we proceed further, make sure that your Nano Server is up and running.

Step 1 Downloading the Docker Daemon and extracting them
Create a variable that references the zip file which is in the official docker website. This zip file will have the Docker engine data that is required to create the client and server. Open the PowerShell with administrator privileges and run the below given command.

This will assign the link to that variable named,

$package = "https://download.docker.com/components/engine/windows-server/cs-1.12/docker.zip"

The next step is to invoke a web request to get the link that has been referenced in the variable called. Then, the file will be stored in a temporary storage by getting downloaded from the Docker site. For this, we have to run the following command.
Invoke-WebRequest $package ` -OutFile "$env:TEMP\docker.zip" ` -UseBasicParsing

Now, we shall expand the downloaded zip file to the programming files of our machine. For this, run -
Expand-Archive -Path "$env:TEMP\docker.zip" `
-DestinationPath $env:ProgramFiles


The final step is to create an environment variable that will add the Docker directory to the path daemon. Run the command
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$($env:ProgramFiles)\Docker", [EnvironmentVariableTarget]::Machine)

Nano Server
Now, we have finished installing the Docker (client) and Dcokerd (engine) in "Program Files" folder. Check for these inside the Docker folder.

Step 2 Creating Environment variable to connect Docker easily
Here, Docker is client and Dockerd is engine. Now, we are going to configure an environment variable that will store the DNS name of our Nano Server and connect with it. For this, run the below command.
[Environment]::SetEnvironmentVariable("DOCKER_HOST","nanoserver007.southindia.cloudapp.azure.com",[EnvironmentVariableTarget]::Machine)

Note - Replace the DNS name with your Nano Server DNS or IP.

Now, open the new PowerShell console and run the command "docker version" . This will show you the client (Docker) and engine (Dockerd). This means we have created a connection in between these two services which we have actually downloaded from the Docker website.



European IIS 10 Hosting - HostForLIFE.eu :: Publish Website On IIS Using AppCmd

clock July 18, 2018 11:36 by author Peter

In this article, we will learn the most useful and powerful command line tool, AppCmd, for publishing or hosting a website on IIS. Using the AppCmd tool, we can host static as well as a dynamic website (ASP.NET Webform, MVC, Dot Net Core etc) easily.

Description
I assume you are aware of (or have knowledge of) how to Host or Publish Website in IIS using inetmgr. This will help you understand AppCmd.exe.
AppCmd.exe is the command line tool for managing IIS 7 and above. It provides an easy way to manage a website without Graphical User Interface.

Some of the things you can do with AppCmd,

  • Create and configure sites, apps, application pools, and virtual directories
  • Start and stop sites, and recycle application pools
  • Search, manipulate, export, and import IIS and ASP.NET configuration


How to Use AppCmd.exe
The AppCmd.exe command line is built on top of a set of top-level server management objects, such as Site and Application. These objects expose methods that can be used to perform various actions on those objects, and object instances expose properties that can be inspected and manipulated.

AppCmd.exe is located in the %systemroot%\system32\inetsrv\ directory. Because it is not a path of the PATH automatically, you need to use the full path to the executable when executing commands like in %systemroot%\system32\inetsrv\AppCmd.exe list sites. Alternatively, you can manually add the inetsrv directory to the path on your machine so that you can access AppCmd.exe directly from any location.

Note
Run Command Prompt as Administrator to using AppCmd.
In this article, we learn basic command to host websites.

List all available commands and actions in AppCmd
AppCmd
AppCmd /?

From the above screenshot, it is clear that Command Prompt is run as administrator and run AppCmd which return list of supported Command.
List all hosted or published websites in IIS.
    AppCmd List Site

In the above screenshot, I have run List Site command which returns all published site with bindings and state of site e.g. Started or Stop.

Create the website using AppCMD
    APPCMD add site /name:WebByAppCMD /bindings:"http/*:94:" /physicalPath:"C:\Users\Mepani\Desktop\2018 Article\Kendo Grid" -virtualDirectoryDefaults.userName:USERNAME -virtualDirectoryDefaults.password:PASSWORD

For any website hosting we require information as above like Site Name, Bindings (Protocal, hostname), Physical Path, Credential for access or permission to folder path.
Sometimes, if you don't provide access/permission to a physical path then you might be getting Access denied error.
View Newly Hosted or published website
    appcmd.exe list site "WEbByAppCMD"

Start and stop hosted or publish a website
    appcmd.exe start site "WEbByAppCMD"
    appcmd.exe stop site "WEbByAppCMD"


Delete or remove published or hosted website from IIS
    appcmd.exe delete site "WEbByAppCMD"

App CMD Create website
In the above screenshot, we have covered all the above site commands except delete. Possible issue or challenges might be faced during command line website hosting niclude,

  • Site name already created
  • Port is already in use
  • Bad Request -Invalid hostname

Hope you enjoyed this and learned a new way to host or publish a website using AppCmd.

 



European IIS Hosting - HostForLIFE.eu :: Setting Up an HTTPS Service in IIS

clock July 11, 2018 11:52 by author Peter

HTTPS is a secure communications channel that is used to exchange information between a client computer and a server. It uses Secure Sockets Layer (SSL). This article describes how to configure the SSL/HTTPS service in Internet Information Services (IIS) and compares this process to the similar process in Apache.

Configuring Your Web Server for SSL
To enable SSL in IIS, you must first obtain a certificate that is used to encrypt and decrypt the information that is transferred over the network. IIS includes its own certificate request tool that you can use to send a certificate request to a certification authority. This tool simplifies the process of obtaining a certificate. If you use Apache, you must obtain the certificate manually.

In both IIS and Apache, you receive a certificate file from the certification authority, which you must configure on the computer. Apache reads the certificate from its source file by using the SSLCACertificateFile directive. However, in IIS, you can configure and manage certificates by using the Directory Security tab of the Web site or folder properties.

You can migrate certificates from Apache to IIS; however, Microsoft recommends that you re-create or obtain a new certificate for IIS.

Configure Folder or Web Site to Use SSL/HTTPS
This procedure assumes that your site has already has a certificate assigned to it.

  1. Log on to the Web server computer as an administrator.
  2. Click Start, point to Settings, and then click Control Panel.
  3. Double-click Administrative Tools, and then double click Internet Services Manager.
  4. Select the Web site from the list of different served sites in the left pane.
  5. Right-click the Web site, folder, or file for which you want to configure SSL communication, and then click Properties.
  6. Click the Directory Security tab.
  7. Click Edit.
  8. Click Require secure-channel (SSL) if you want the Web site, folder, or file to require SSL communications.
  9. Click Require 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support.
  10. To allow users to connect without supplying their own certificate, click Ignore client certificates. Alternatively, to allow a user to supply their own certificate, use Accept client certificates.
  11. To configure client mapping, click Enable client certificate mapping, and then click Edit to map client certificates to users. If you configure this functionality, you can map client certificates to individual users in Active Directory. You can use this functionality to automatically identify a user according to the certificate they supplied when they access the Web site. You can map users to certificates on a one-to-one basis (one certificate identifies one user) or you can map many certificates to one user (a list of certificates is matched against a specific user according to specific rules. The first valid match becomes the mapping).
  12. Click OK.



European IIS Hosting - HostForLIFE.eu :: How to Enable Reverse DNS Lookup in IIS

clock February 21, 2017 10:37 by author Scott

This article explains how to enable reverse Domain Name System (DNS) lookup for all versions of Internet Information Services (IIS).

When reverse DNS lookups are enabled on the web server, the IP address of each web client that connects to the IIS server is resolved to a DNS name, and the DNS name instead of the web client IP address is placed in the IIS log files.  Enabling reverse DNS also affects what CGI and ISAPI extensions see as a value of the Remote_Host variable.

Microsoft KB article 297795 gives a step-by-step demonstration how to enable RDNS for IIS4, IIS5 and IIS6, but all you need to do is run the following in a command prompt from the ADScripts folder:

For IIS4 run:

adsutil set w3svc/EnableReverseDNS TRUE

For IIS5 and IIS6 run:

cscript adsutil.vbs set /wesvc/EnableReverseDNS "TRUE"

In IIS7, you must install the IP and Domain Restrictions role service for the Web Server (IIS) role.  You can do this in Server Manager or from the command line using the following command:

ServerManagerCMD -install Web-IP-Security

In Windows Server 2008 R2, the ServerManagerCMD.exe program is deprecated and has been replaced with the ServerManager Powershell cmdlets.  The following two cmdlets are used to install the IP and Domain Restrictions role service:

Import-Module ServerManager
Add-WindowsFeature Web-IP-Security

Now that the role service is installed, you can configure reverse DNS lookups, as follows:

  • Open Internet Information Services (IIS) Manager.
  • Navigate to the Server Name in the Connections pane.  If you only want to enable reverse lookups on a particular website, navigate to that website.
  • Double-click IP Address and Domain Restrictions in the center pane and click Edit Feature Settings in the Actions pane.
  • Put a checkmark in Enable domain name restrictions and click OK.

You will see the following warning:

Restricting access by domain name requires a DNS reverse lookup on each connection. This is a very expensive operation and will dramatically affect server performance. Are you sure you want to enable restrictions based on domains?

Clicking Yes will enable reverse lookups for all clients connecting to the web server.  I have not noticed any more than a 1-2% increase in CPU performance and the websites are just as performant as before.

Each of these changes go into effect immediately.  There is no need to restart IIS.



About HostForLIFE.eu

HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

We have offered the latest Windows 2016 Hosting, ASP.NET Core 2.2.1 Hosting, ASP.NET MVC 6 Hosting and SQL 2017 Hosting.


Tag cloud

Sign in