Here, we are going to connect with the Docker engine remotely using PowerShell. For this, we can either use our local machine or a VM. Before we proceed further, make sure that your Nano Server is up and running.

Step 1 Downloading the Docker Daemon and extracting them
Create a variable that references the zip file which is in the official docker website. This zip file will have the Docker engine data that is required to create the client and server. Open the PowerShell with administrator privileges and run the below given command.

This will assign the link to that variable named,

$package = "https://download.docker.com/components/engine/windows-server/cs-1.12/docker.zip"

The next step is to invoke a web request to get the link that has been referenced in the variable called. Then, the file will be stored in a temporary storage by getting downloaded from the Docker site. For this, we have to run the following command.
Invoke-WebRequest $package ` -OutFile "$env:TEMP\docker.zip" ` -UseBasicParsing

Now, we shall expand the downloaded zip file to the programming files of our machine. For this, run -
Expand-Archive -Path "$env:TEMP\docker.zip" `
-DestinationPath $env:ProgramFiles

The final step is to create an environment variable that will add the Docker directory to the path daemon. Run the command
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$($env:ProgramFiles)\Docker", [EnvironmentVariableTarget]::Machine)

Nano Server
Now, we have finished installing the Docker (client) and Dcokerd (engine) in "Program Files" folder. Check for these inside the Docker folder.

Step 2 Creating Environment variable to connect Docker easily
Here, Docker is client and Dockerd is engine. Now, we are going to configure an environment variable that will store the DNS name of our Nano Server and connect with it. For this, run the below command.
[Environment]::SetEnvironmentVariable("DOCKER_HOST","nanoserver007.southindia.cloudapp.azure.com",[EnvironmentVariableTarget]::Machine)

Note - Replace the DNS name with your Nano Server DNS or IP.

Now, open the new PowerShell console and run the command "docker version" . This will show you the client (Docker) and engine (Dockerd). This means we have created a connection in between these two services which we have actually downloaded from the Docker website.

In this article, we will learn the most useful and powerful command line tool, AppCmd, for publishing or hosting a website on IIS. Using the AppCmd tool, we can host static as well as a dynamic website (ASP.NET Webform, MVC, Dot Net Core etc) easily.

Description
I assume you are aware of (or have knowledge of) how to Host or Publish Website in IIS using inetmgr. This will help you understand AppCmd.exe.
AppCmd.exe is the command line tool for managing IIS 7 and above. It provides an easy way to manage a website without Graphical User Interface.

Some of the things you can do with AppCmd,

• Create and configure sites, apps, application pools, and virtual directories
• Start and stop sites, and recycle application pools
• Search, manipulate, export, and import IIS and ASP.NET configuration

How to Use AppCmd.exe
The AppCmd.exe command line is built on top of a set of top-level server management objects, such as Site and Application. These objects expose methods that can be used to perform various actions on those objects, and object instances expose properties that can be inspected and manipulated.

AppCmd.exe is located in the %systemroot%\system32\inetsrv\ directory. Because it is not a path of the PATH automatically, you need to use the full path to the executable when executing commands like in %systemroot%\system32\inetsrv\AppCmd.exe list sites. Alternatively, you can manually add the inetsrv directory to the path on your machine so that you can access AppCmd.exe directly from any location.

Note
Run Command Prompt as Administrator to using AppCmd.
In this article, we learn basic command to host websites.

List all available commands and actions in AppCmd
AppCmd
AppCmd /?

From the above screenshot, it is clear that Command Prompt is run as administrator and run AppCmd which return list of supported Command.
List all hosted or published websites in IIS.
    AppCmd List Site

In the above screenshot, I have run List Site command which returns all published site with bindings and state of site e.g. Started or Stop.

Create the website using AppCMD
    APPCMD add site /name:WebByAppCMD /bindings:"http/*:94:" /physicalPath:"C:\Users\Mepani\Desktop\2018 Article\Kendo Grid" -virtualDirectoryDefaults.userName:USERNAME -virtualDirectoryDefaults.password:PASSWORD

For any website hosting we require information as above like Site Name, Bindings (Protocal, hostname), Physical Path, Credential for access or permission to folder path.
Sometimes, if you don't provide access/permission to a physical path then you might be getting Access denied error.
View Newly Hosted or published website
    appcmd.exe list site "WEbByAppCMD"

Start and stop hosted or publish a website
    appcmd.exe start site "WEbByAppCMD"
    appcmd.exe stop site "WEbByAppCMD"

Delete or remove published or hosted website from IIS
    appcmd.exe delete site "WEbByAppCMD"

App CMD Create website
In the above screenshot, we have covered all the above site commands except delete. Possible issue or challenges might be faced during command line website hosting niclude,

• Site name already created
• Port is already in use
• Bad Request -Invalid hostname

Hope you enjoyed this and learned a new way to host or publish a website using AppCmd.

HTTPS is a secure communications channel that is used to exchange information between a client computer and a server. It uses Secure Sockets Layer (SSL). This article describes how to configure the SSL/HTTPS service in Internet Information Services (IIS) and compares this process to the similar process in Apache.

Configuring Your Web Server for SSL
To enable SSL in IIS, you must first obtain a certificate that is used to encrypt and decrypt the information that is transferred over the network. IIS includes its own certificate request tool that you can use to send a certificate request to a certification authority. This tool simplifies the process of obtaining a certificate. If you use Apache, you must obtain the certificate manually.

In both IIS and Apache, you receive a certificate file from the certification authority, which you must configure on the computer. Apache reads the certificate from its source file by using the SSLCACertificateFile directive. However, in IIS, you can configure and manage certificates by using the Directory Security tab of the Web site or folder properties.

You can migrate certificates from Apache to IIS; however, Microsoft recommends that you re-create or obtain a new certificate for IIS.

Configure Folder or Web Site to Use SSL/HTTPS
This procedure assumes that your site has already has a certificate assigned to it.

1. Log on to the Web server computer as an administrator.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools, and then double click Internet Services Manager.
4. Select the Web site from the list of different served sites in the left pane.
5. Right-click the Web site, folder, or file for which you want to configure SSL communication, and then click Properties.
6. Click the Directory Security tab.
7. Click Edit.
8. Click Require secure-channel (SSL) if you want the Web site, folder, or file to require SSL communications.
9. Click Require 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support.
10. To allow users to connect without supplying their own certificate, click Ignore client certificates. Alternatively, to allow a user to supply their own certificate, use Accept client certificates.
11. To configure client mapping, click Enable client certificate mapping, and then click Edit to map client certificates to users. If you configure this functionality, you can map client certificates to individual users in Active Directory. You can use this functionality to automatically identify a user according to the certificate they supplied when they access the Web site. You can map users to certificates on a one-to-one basis (one certificate identifies one user) or you can map many certificates to one user (a list of certificates is matched against a specific user according to specific rules. The first valid match becomes the mapping).
12. Click OK.

This article explains how to enable reverse Domain Name System (DNS) lookup for all versions of Internet Information Services (IIS).

When reverse DNS lookups are enabled on the web server, the IP address of each web client that connects to the IIS server is resolved to a DNS name, and the DNS name instead of the web client IP address is placed in the IIS log files.  Enabling reverse DNS also affects what CGI and ISAPI extensions see as a value of the Remote_Host variable.

Microsoft KB article 297795 gives a step-by-step demonstration how to enable RDNS for IIS4, IIS5 and IIS6, but all you need to do is run the following in a command prompt from the ADScripts folder:

For IIS4 run:

adsutil set w3svc/EnableReverseDNS TRUE

For IIS5 and IIS6 run:

cscript adsutil.vbs set /wesvc/EnableReverseDNS "TRUE"

In IIS7, you must install the IP and Domain Restrictions role service for the Web Server (IIS) role.  You can do this in Server Manager or from the command line using the following command:

ServerManagerCMD -install Web-IP-Security

In Windows Server 2008 R2, the ServerManagerCMD.exe program is deprecated and has been replaced with the ServerManager Powershell cmdlets.  The following two cmdlets are used to install the IP and Domain Restrictions role service:

Import-Module ServerManager
Add-WindowsFeature Web-IP-Security

Now that the role service is installed, you can configure reverse DNS lookups, as follows:

• Open Internet Information Services (IIS) Manager.
• Navigate to the Server Name in the Connections pane.  If you only want to enable reverse lookups on a particular website, navigate to that website.
• Double-click IP Address and Domain Restrictions in the center pane and click Edit Feature Settings in the Actions pane.
• Put a checkmark in Enable domain name restrictions and click OK.

You will see the following warning:

Restricting access by domain name requires a DNS reverse lookup on each connection. This is a very expensive operation and will dramatically affect server performance. Are you sure you want to enable restrictions based on domains?

Clicking Yes will enable reverse lookups for all clients connecting to the web server.  I have not noticed any more than a 1-2% increase in CPU performance and the websites are just as performant as before.

Each of these changes go into effect immediately.  There is no need to restart IIS.

The discussion is specific to IIS 7 and later versions. Let's start with version IIS 7.0. It has a built-in feature that is able to filter HTTP requests. If a request is found to have contents which are unacceptable to process the request, then it will block such request there, before proceeding to process a request by a web application. This feature is useful as a mitigation technique, for such SQL Injection vulnerabilities.

Prerequisite
At first, verify the IIS version that you are using currently. If you are using earlier than IIS 7.0, then update with the latest version before applying the following configuration.

Configuring the Request Filter
To create a global filtering rule for SQL Injection, we should follow the below steps:

Step 1
Open the run window by pressing keyboard key Windows key + R and copy and paste the following code
%systemroot%\system32\inetsrv\config\applicationhost.config
 
It will open the applicationhost.config file.

Step 2
In the applicationhost.config file, identify <requestFiltering> section. Under this section, configure for the reserve keywords or reserved special characters, like DELETE, CREATE, UPDATE, INSERT, --,',/* etc. in <denyStrings> section.
Configure the file extensions for which IIS server needs to be validated. The sample code is shown below:

Step 3

Now, to save the file, go to the File menu and choose Save option.

How  does the above configuration behave in the IIS server?

With the above configuration settings, first of all, IIS will look at each incoming request for pages with .html, .aspx, or .asp extensions, to search for specific strings in the request's Query String. If the IIS server finds the specified strings, then IIS will block the request and return a 404: Not Found page to the client.
 
If you want to add a new file extension or change the existing file extensions in applicationhost.config file, you can add/remove the required file extensions in file Extension tags which lies in the <appliesTo> section. Whatever strings you are placing in the <denyStrings> section, the IIS looks for those strings. If it finds those, then it will block the request and return 404 error page to the client. You can add a new string, remove the existing string,  or change the existing string, in the <denyStrings> section.

In fact, in IIS server, you may have hosted many web applications which are running in parallel.
 
Let's say, for one of the web applications, you don't want to deny any string for the incoming request. How will you handle such  a scenario?
 
It is very simple. Create a rule in your application's config file, for which, you want to allow all such strings. If you create a rule in the application's config file, it will override the applicationhost.config file's rule. For instance, if you want to allow the string "end" for only a few applications,  and for the rest of the applications, you want to deny such a string, then follow the below steps:

Step 1: Remove the <add string="end" /> entry from applicationhost.config file.

Step 2: Add the below code into the application's config file where you want to restrict the string "end":

Make a note --  the name for the filteringRule tag must and should be unique and it should not conflict with a name which is in the applicationhost.config file or/and the same name with any other web.config files in the path. And, it is also possible to limit the scope of filtering rules using location tags.

Procedure to check logs for SQL Injection attempts

You can check the SQL injection attempt logs in IIS W3SVC logs section. filteringRule rejects such SQL injection attempts and responds with a 404 status and with a substatus 19. You have to check these logs periodically to make sure that your rule is blocking such SQL Injections for the legitimate requests.

After the configuration changes made in the applicationhost file, if you give the followingURL request in your browser, the following output will show:

http://localhost/OWASP.UI/UnvalidatedRedirectsForwards/ValidatedRedirectsForwards.aspx?returnUrl=http://www.flipkart.com/--

Output

HostForLIFE.eu IIS 10 Hosting
HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

Some of our clients sometimes ask about how to create URL Rewrite on their site. Previously, we have written about how to redirect HTTP to HTTPS in IIS. In this tutorial, we will advise how to create multiple redirection with a URL Rewrite Map.

URL Rewrite Module with IIS 7/IIS 8

Now there’s an easier solution, and one that offers better performance.  Starting with IIS 7 one can implement different kinds of url rewriting and redirecting with ease by using the URL Rewrite Module. The various rules can be configured using the IIS 7 Manager GUI or by directly editing the web.config. To open the URL Rewrite Module simply double click the URL Rewrite icon on your site properties as shown below.

From there you will be able to maintain your existing rules or add new ones as seen in this picture.

This is a pretty easy way to create server-side rules for rewriting and redirecting, but what happens when you have 30 or 40 legacy URLs that need to be redirected to new pages? Do you have to enter each one manually? Of course not. The solution to that is to use a URL Rewrite Map.

URL Rewrite Map

By using a URL Rewrite Map it has never been easier to create and maintain multiple 301 redirects for different pages on your web site.  The rewrite rules are stored in the <system.webServer> section of your web.config so you can quickly make changes as needed.

Here is all the code you need to accomplish this:

<system.webServer>
<rewrite>
<rewriteMaps>
<rewriteMap name=”Redirects”>
<add key=”/test.aspx” value=”/test2.aspx” />
<add key=”/aboutus.aspx” value=”/about” />
</rewriteMap>
</rewriteMaps>
<rules>
<rule name=”Redirect rule1 for Redirects”>
<match url=”.*” />
<conditions>
<add input=”{Redirects:{REQUEST_URI}}” pattern=”(.+)” />
</conditions>
<action type=”Redirect” url=”{C:1}” appendQueryString=”false” />
</rule>
</rules>
</rewrite>
</system.webServer>

In the example above I’m performing a 301 redirect on the test.aspx file to test2.aspx file. There’s also a 301 redirect for the aboutus.aspx file to folder called /about, however, in this case it’s important to note that the /about folder will also need a default page or else a 404 error will result.

As you add more URLs to your Rewrite Map you’ll notice that your web.config can become a bit cluttered. The solution to this will be to store the redirect rules in an external file. Let’s call this file myrewritemaps.config. This file will now contain this code block:

<rewriteMaps>
<rewriteMap name=”Redirects”>
<add key=”/test.aspx” value=”/test2.aspx” />
<add key=”/aboutus.aspx” value=”/about” />
</rewriteMap>
</rewriteMaps>

In your web.config you add the following line of code under the <rewrite> section referencing the external config file:

<rewriteMaps configSource=”myrewritemaps.config” />

Your web.config will now look nice and clean like this:

<system.webServer>
<rewrite>
<rewriteMaps configSource=”myrewritemaps.config” />
<rules>
<rule name=”Redirect rule1 for Redirects”>
<match url=”.*” />
<conditions>
<add input=”{Redirects:{REQUEST_URI}}” pattern=”(.+)” />
</conditions>
<action type=”Redirect” url=”{C:1}” appendQueryString=”false” />
</rule>
</rules>
</rewrite>
</system.webServer>

There is no real limit on how many URLs can be configured for redirecting with the URL Rewrite Map.  You should perform regular search engine analysis to see when the new URLs have been picked up. Once the old URL is no longer indexed and traffic has dropped off you could remove it from your map.

Trace \ Track is a vulnerability that is usually identified on an IIS server when we run PCI compliance and find this vulnerability. A hacker can run a Trace attack on IIS Website and get information about the Backend server and other important information.

In latest versions on IIS (IIS 6.0, 7.5) Trace is disabled by default but still it is good idea to make sure that Trace is disabled on IIS.

Testing if Trace \ Track is Enabled on a IIS website or not

Follow these steps :

1. Go to command Prompt of your Machine.
2. Type telnet <URL of the website> 80 (this will open a telnet session of that website on port 80)
3. Type following commands on the telnet session screen in exact same order: 

    TRACE / HTTP/1.0
    Host: <hostname_you_are_testing>
    TestA: Hello
    TestB: World

4. Press enter twice. 

If Trace is enabled on your server, you should see following results:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Tue, 05 Dec 2016 08:17:15 GMT
    Content-Type: message/http
    Content-Length: 76 

And If you receive following results on the telnet screen, then Trace is enabled :

     HTTP/1.1 501 Not Implemented
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Tue, 06 Dec 2016 09:32:58 GMT
    Content-Length: 1508

    Connection: close

Disabling Trace or Track on IIS

The easiest way to mitigate the risk of Trace \ Track on iis is  : installing URLScan from Microsoft, 
The urlscan.ini file is included as part of URLScan . This sets by default a configuration setting "UseAllowVerbs=1".  In this [AllowVerbs] section of the ini file, only http methods that are allowed are GET, HEAD, and POST so simply by installing URLScan on an IIS server , we can assume that it  protected from TRACE or TRACK.  

One of our clients receive this error message when deploying his ASP.NET application.

“System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.”. Here is how we solved that issue.

There are 3 related and important issues:

1. the remote site uses a Server Name Indication (SNI) certificate, installed on a different domain name
2. the web application was published to a IIS 6.0 (Windows Server 2003) web server
3. a System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. This error message is caused because the process is not able to validate the certificate supplied by the server during an HTTPS (SSL) request

IIS 6.0 + Server Name Indication (SNI) certificates = System.Net.WebException #

A Server Name Indication (SNI) certificate basically means that you can install oneSSL/TLS certificate on a web server, to use on multiple domain names. The TLS part takes the negotiation, and that enables the server to select the correct virtual domain early and present the browser with the certificate containing the correct name. Therefore with clients and servers that support SNI, a single IP address can be used to serve a group of domain names for which it is impractical to get a common certificate.

Windows Server 2003 (IIS 6.0), Windows Server 2008 (IIS 7.0) and Windows Server 2008 R2 (IIS 7.5) do not support SNI-certificates.

How to Solve this Error Message

You might wonder what the solution to this error message was. Well, simple: Move the website to an IIS 8.0+ (Windows Server 2012) web server. This version supports Server Name Indication certificates. Microsoft calls this SSL Scalability in IIS 8.0. Because of SNI, or SSL-scalability, support in Windows Server 2012, the ASP.NET System.Net.WebException went away.

It’s simple, right? :)

European leading web hosting provider, HostForLIFE.eu announces the launch of Visual Studio 2017 Hosting

HostForLIFE.eu was established to cater to an underserved market in the hosting industry; web hosting for customers who want excellent service. HostForLIFE.eu - a cheap, constant uptime, excellent customer service, quality, and also reliable hosting provider in advanced Windows and ASP.NET technology. HostForLIFE.eu proudly announces the availability of the Visual Studio 2017 hosting in their entire servers environment.

The smallest install is just a few hundred megabytes, yet still contains basic code editing support for more than twenty languages along with source code control. Most users will want to install more, and so customer can add one or more 'workloads' that represent common frameworks, languages and platforms - covering everything from .NET desktop development to data science with R, Python and F#.

System administrators can now create an offline layout of Visual Studio that contains all of the content needed to install the product without requiring Internet access. To do so, run the bootstrapper executable associated with the product customer want to make available offline using the --layout [path] switch (e.g. vs_enterprise.exe --layout c:\mylayout). This will download the packages required to install offline. Optionally, customer can specify a locale code for the product languages customer want included (e.g. --lang en-us). If not specified, support for all localized languages will be downloaded.

HostForLIFE.eu hosts its servers in top class data centers that is located in Amsterdam (NL), London (UK), Paris (FR), Frankfurt(DE) and Seattle (US) to guarantee 99.9% network uptime. All data center feature redundancies in network connectivity, power, HVAC, security, and fire suppression. All hosting plans from HostForLIFE.eu include 24×7 support and 30 days money back guarantee. The customers can start hosting their Visual Studio 2017 site on their environment from as just low €3.00/month only.

HostForLIFE.eu is a popular online ASP.NET based hosting service provider catering to those people who face such issues. The company has managed to build a strong client base in a very short period of time. It is known for offering ultra-fast, fully-managed and secured services in the competitive market.

HostForLIFE.eu offers the latest European Visual Studio 2017 hosting installation to all their new and existing customers. The customers can simply deploy their Visual Studio 2017 website via their world-class Control Panel or conventional FTP tool. HostForLIFE.eu is happy to be offering the most up to date Microsoft services and always had a great appreciation for the products that Microsoft offers.

Further information and the full range of features Visual Studio 2017 Hosting can be viewed here http://hostforlife.eu/European-Visual-Studio-2017-Hosting