URL rewrite module provides a rule-based rewriting mechanism for changing requested URL’s before they get processed by web server.
The Microsoft URL Rewrite Module 1.1 for IIS 7 provides flexible rules-based rewrite engine that can be used to perform broad spectrum of URL manipulation tasks, including, but not limited to:
- Enabling user friendly and search engine friendly URL with dynamic web applications;
- Rewriting URL’s based on HTTP headers and server variables;
- Web site content handling;
- Controlling access to web site content based on URL segments or request metadata.
Download details URL Rewrite Module 1.1 for IIS 7 (x86)
Download Details URL Rewrite Module 1.1 for IIS 7 (x64)
More info see IIS.net URL Rewrite.
The IIS team has made the URL Rewrite Module for IIS 7.0 Release To Web (RTW) available for download. This is a final, production-ready release that is officially supported by Microsoft.
Overview
URL rewrite module provides a rule-based rewriting mechanism for changing requested URL’s before they get processed by web server. The module can be used to express URL rewriting logic that can use regular expressions or wildcards and can make rewriting decisions based on HTTP headers and server variables. While the primary purpose of the module is to rewrite requested URL’s, it also has functionality to perform redirects, send custom responses or abort requests based on the logic expressed in the rewrite rules. In the end this means more Search Engine Friendly (SEF) URLs, something used in a lot of web applications like WordPress, Drupal, Joomla, just to list a few, there’s already some documentation from Microsoft on how to enable pretty Permalinks in WordPress.
Benefits
The Microsoft URL Rewrite Module for IIS 7.0 provides flexible rules-based rewrite engine that can be used to perform broad spectrum of URL manipulation tasks, including, but not limited to:
- Enabling user friendly and search engine friendly URL with dynamic web applications
- Rewriting URL’s based on HTTP headers and server variables
- Web site content management
- Controlling access to web site content
Download
More info
More information and a full feature list at Ruslans Blog.
Stumpled across a interesting new module for IIS 7.0: Helicon APE (APache Emulation) by Helicon Tech, currently in beta and available for download.
Helicon Ape is a unique module that emulates Apache execution environment on Microsoft IIS. It literally implements Apache configuration model (like .htaccess and httpd.conf files) and all most demanded Apache modules in a single IIS add-on, not only making IIS compatible with Apache, but also extending it’s functionality by a number of highly essential features.
Key features of Helicon APE:
- compatibility with Apache modules configurations (beta version includes only basic modules but the list will be extending with future releases)
- unprecedented compatibility with PHP-based applications;
- user-friendly interface and plain text configurations (no XML!)
- per-site installation without hosting administration involvement/assistance
- powerful and flexible modules for URL rewriting
- extensive forward and reverse proxy instruments
- comprehensive authorization capabilities
Benefits:
- users can move their Apache web sites to IIS without modifications
- current PHP and other Unix oriented web applications can be easily configured for IIS
- flexible user permissions control (as they implemented in Apache world)
- powerful URL rewriting compatible with Apache does not require rule redesign
- reverse and forward proxy features available for your web server
- low level controls over web site behavior open extended abilities for optimisation, security and performance
Currently implemented modules:
- mod_auth_basic – allows the use of HTTP Basic Authentication
- mod_auth_digest – allows the use of MD5 Digest Authentication
- mod_authn_anon – configures anonymous users access authenticated areas
- mod_authn_default – rejects whatever credentials if no authentication is set
- mod_authn_file – provides authentication based on user look-up in plain text password file
- mod_authz_default – rejects any authorization request if no authentication is configured
- mod_authz_groupfile – allows or denies access to particular areas of the site depending on user group membership
- mod_authz_host – allows access control to particular parts of web server based on hostname, IP address, or other characteristics of the client request
- mod_authz_user – allows or denies access of authenticated users to portions of the web site
- mod_core – implements core features of Helicon Ape
- mod_env – allows control of the environment provided to CGI scripts and SSI pages
- mod_expires – allows setting of Expires HTTP header and max-age directive of Cache-Control HTTP header in server responses in relation to either the time the source file was last modified, or to the time of the client access
- mod_headers – enables modification of HTTP request and response headers
- mod_proxy – implements forward and reverse proxy functions for your IIS server
- mod_rewrite – allows rewriting of requested URLs on the fly based on regular-expressions-based rules and various conditions
- mod_setenvif – allows setting environment variables depending on whether different parts of the request match specified regular expressions
- mod_so – emulates loading modules functions
More info. and download at: http://www.helicontech.com/ape/
About a week ago, the IIS Team released an updated version 3.1 of the URLScan tool. If you are running ver. 3.0, it’s recommended that you upgrade to URLScan 3.1.
URLScan is the tool to protect your websites against SQL Injection Attacks, the new version is updated to handle new variation of attacks.
Our internal security team brought it to our attention that they’d seen a new variation on the attacks. This new variation is trying to exploit a behavior in ASP’s parsing of the query string for the Request.QueryString function.
UrlScan version 3.1 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.
The UrlScan version 3.1 security tool gives administrators even greater control over UrlScan configuration, providing functionality that helps administrators further secure and lock down the server.
New features
- New installer that allows URLScan 3.1 to be installed on IIS 5.1 or later, including IIS 7.
- Deny rules that can be independently applied to URL, query string, all headers, a particular header or a combination of these.
- A global DenyQueryString section that lets you add deny rules for query strings with the option of checking un-escaped version of the query string as well.
- Support for escape sequences in the deny rules so it’s possible to deny CRLF and other non-printable characters in configuration.
- Multiple urlscan instances can be installed as site filters, each with its own configuration and logging options (urlscan.ini).
- Configuration (urlscan.ini) change notifications that are propagated to worker processes without having to recycle them. Note that log settings still have to be recycled.
Download
Found this special ISAPI “WordPress URL Rewrite”, it’s a free ISAPI application for IIS 7.0.
The features are:
- Can run with multiple WordPress installations in an IIS Web Site (for example: / and /MyBlog/)
- Has a configurable path Exceptions list (for example: defining /Forum as an exception would prevent any pages in this folder from being re-written)
- Works with IIS 5.0, 5.1 and 6.0
- Works with WordPress 2.0 or higher
- Easy to setup, easy to maintain
It could be an alternative to Microsoft’s own URL Rewrite module, which I’ve blogged about in an earlier post.
Microsoft has announced and release the first beta of the Microsoft Web Platform.
The Microsoft Web Platform is a free tool that makes it simple to download and install the latest components of the Microsoft Web Platform, including the IIS7, SQL Server Express, .NET Framework and Visual Web Developer.
The Microsoft Web Platform is a reliable, high-performance web stack that is capable of hosting both ASP.NET and PHP applications on a single server, and can scale to run the largest sites on the web. The Microsoft Web Platform, including SQL Server, Visual Studio, IIS7 and the .NET Framework, is available for free, and can be obtained with the new Microsoft Web Platform Installer, a tool that both simplifies installation and keeps your server up-to-date.
More information about the Microsoft Web Platform from Carlos Blog and www.microsoft.com/web.
Download the Microsoft Web Platform Installer here.
As previously announced on my blog, Microsoft released a new version of the URL Rewrite Module for IIS 7.0 a few weeks ago. The new release is a Go Live release, so we are getting closer to the final release.
The Microsoft URL Rewrite Module for IIS 7.0 provides flexible rules-based rewrite engine that can be used to perform broad spectrum of URL manipulation tasks, including, but not limited to:
- Enabling user friendly and search engine friendly URL with dynamic web applications
- Rewriting URL’s based on HTTP headers and server variables
- Web site content handling
- Controlling access to web site content based on URL segments or request metadata
Overview of the features:
- Rules-based URL rewriting engine
- Regular expression pattern matching
- Wildcard pattern matching
- Global and distributed rewrite rules
- Access to server variables and http headers
- Various rule actions
- Support for IIS kernel mode and user mode output caching
- Lower case conversion
- Rewrite maps
- Failed Request Tracing support
- Rule templates
- UI for testing of regular expression and wildcard patterns
- UI for managing rewrite rules and rewrite maps
- GUI tool for importing of mod_rewrite rules
For at full list and explanation of features of URL Rewrite Module, see this post.
It’s available for download:
The Microsoft IIS Team has released a bunch of new modules for IIS 7.0. Here’s an overview of the newly released modules:
Follow Me