Stumbled across some great articles about FTP, SSL and Active/Passive settings made by Alun Jones (Security MVP).
Thanks to Steve Schofield for the reference.
The IIS team has made the URL Rewrite Module for IIS 7.0 Release To Web (RTW) available for download. This is a final, production-ready release that is officially supported by Microsoft.
Overview
The URL Rewrite Module provides a rule-based rewriting mechanism for changing requested URLs before they get processed by the web server. The module can be used to express URL rewriting logic that can use regular expressions or wildcards and can make rewriting decisions based on HTTP headers and server variables. While the primary purpose of the module is to rewrite requested URLs, it also has functionality to perform redirects, send custom responses or abort requests based on the logic expressed in the rewrite rules. In the end this means more Search Engine Friendly (SEF) URLs, something used in a lot of web applications like WordPress, Drupal and Joomla, just to list a few. There’s already some documentation from Microsoft on how to enable pretty Permalinks in WordPress.
Benefits
The Microsoft URL Rewrite Module for IIS 7.0 provides a flexible rules-based rewrite engine that can be used to perform a broad spectrum of URL manipulation tasks, including, but not limited to:
- Enabling user friendly and search engine friendly URLs with dynamic web applications
- Rewriting URLs based on HTTP headers and server variables
- Web site content management
- Controlling access to web site content
Download
More info
More information and a full feature list at Ruslan’s blog.
Stumbled across an interesting new module for IIS 7.0: Helicon APE (APache Emulation) by Helicon Tech, currently in beta and available for download.
Helicon Ape is a unique module that emulates the Apache execution environment on Microsoft IIS. It literally implements the Apache configuration model (like .htaccess and httpd.conf files) and all the most-demanded Apache modules in a single IIS add-on, not only making IIS compatible with Apache, but also extending its functionality by a number of highly essential features.
Key features of Helicon APE:
- compatibility with Apache module configurations (the beta version includes only basic modules, but the list will be extended with future releases)
- unprecedented compatibility with PHP-based applications;
- user-friendly interface and plain text configurations (no XML!)
- per-site installation without hosting administration involvement/assistance
- powerful and flexible modules for URL rewriting
- extensive forward and reverse proxy instruments
- comprehensive authorization capabilities
Benefits:
- users can move their Apache web sites to IIS without modifications
- current PHP and other Unix oriented web applications can be easily configured for IIS
- flexible user permissions control (as implemented in the Apache world)
- powerful URL rewriting compatible with Apache does not require rule redesign
- reverse and forward proxy features available for your web server
- low level controls over web site behavior open extended abilities for optimisation, security and performance
Currently implemented modules:
- mod_auth_basic – allows the use of HTTP Basic Authentication
- mod_auth_digest – allows the use of MD5 Digest Authentication
- mod_authn_anon – configures anonymous user access to authenticated areas
- mod_authn_default – rejects any credentials if no authentication is set
- mod_authn_file – provides authentication based on user look-up in plain text password file
- mod_authz_default – rejects any authorization request if no authentication is configured
- mod_authz_groupfile – allows or denies access to particular areas of the site depending on user group membership
- mod_authz_host – allows access control to particular parts of web server based on hostname, IP address, or other characteristics of the client request
- mod_authz_user – allows or denies access of authenticated users to portions of the web site
- mod_core – implements core features of Helicon Ape
- mod_env – allows control of the environment provided to CGI scripts and SSI pages
- mod_expires – allows setting of Expires HTTP header and max-age directive of Cache-Control HTTP header in server responses in relation to either the time the source file was last modified, or to the time of the client access
- mod_headers – enables modification of HTTP request and response headers
- mod_proxy – implements forward and reverse proxy functions for your IIS server
- mod_rewrite – allows rewriting of requested URLs on the fly based on regular-expressions-based rules and various conditions
- mod_setenvif – allows setting environment variables depending on whether different parts of the request match specified regular expressions
- mod_so – emulates loading modules functions
More info and download at: http://www.helicontech.com/ape/
About a week ago, the IIS Team released an updated version 3.1 of the URLScan tool. If you are running ver. 3.0, it’s recommended that you upgrade to URLScan 3.1.
URLScan is the tool for protecting your websites against SQL injection attacks; the new version is updated to handle a new variation of these attacks.
Our internal security team brought it to our attention that they’d seen a new variation on the attacks. This new variation is trying to exploit a behavior in ASP’s parsing of the query string for the Request.QueryString function.
UrlScan version 3.1 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.
The UrlScan version 3.1 security tool gives administrators even greater control over UrlScan configuration, providing functionality that helps administrators further secure and lock down the server.
New features
- New installer that allows URLScan 3.1 to be installed on IIS 5.1 or later, including IIS 7.
- Deny rules that can be independently applied to URL, query string, all headers, a particular header or a combination of these.
- A global DenyQueryString section that lets you add deny rules for query strings with the option of checking un-escaped version of the query string as well.
- Support for escape sequences in the deny rules so it’s possible to deny CRLF and other non-printable characters in configuration.
- Multiple urlscan instances can be installed as site filters, each with its own configuration and logging options (urlscan.ini).
- Configuration (urlscan.ini) change notifications that are propagated to worker processes without having to recycle them. Note that log settings still have to be recycled.
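The point of checking the un-escaped query string as well as the raw one, shown as an added Python model (not URLScan's code or its configuration syntax; the deny list, function names, sample query strings and case-insensitive matching are assumptions made for illustration):

```python
from urllib.parse import unquote

# Constructed deny list for illustration; not URLScan's shipped defaults.
DENY_QUERY_SEQUENCES = ["<", ">", "--"]


def find_denied(query_string, deny_sequences, check_unescaped=True):
    """Return (sequence, form) for the first deny hit, or None if the query passes.

    form is "raw" when the sequence appears in the query string as sent and
    "unescaped" when it only appears after percent-decoding.
    """
    forms = [("raw", query_string)]
    if check_unescaped:
        forms.append(("unescaped", unquote(query_string)))
    for form, text in forms:
        lowered = text.lower()  # assumption: matching is case-insensitive
        for seq in deny_sequences:
            if seq.lower() in lowered:
                return seq, form
    return None


def screen(queries, deny_sequences, check_unescaped=True):
    """Split query strings into (allowed, rejected) lists of (query, hit)."""
    allowed, rejected = [], []
    for qs in queries:
        hit = find_denied(qs, deny_sequences, check_unescaped)
        (rejected if hit else allowed).append((qs, hit))
    return allowed, rejected


# Constructed sample query strings.
SAMPLE_QUERIES = [
    "id=42&sort=name",          # benign
    "q=<b>bold</b>",            # literal angle brackets
    "q=%3Cb%3Ebold%3C%2Fb%3E",  # same text, percent-encoded
    "name=O%27Brien",           # encoded apostrophe, not on the deny list
]

if __name__ == "__main__":
    for label, flag in (("raw only", False), ("raw + unescaped", True)):
        _, rejected = screen(SAMPLE_QUERIES, DENY_QUERY_SEQUENCES, flag)
        print(label, [qs for qs, _ in rejected])
```

With the raw-only check the percent-encoded query passes the filter; with the un-escaped check enabled it is rejected on the same rule as the literal form.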
Download
The IIS Team has released the final version (1.0) of the IIS Media Pack.
IIS Media Pack 1.0 currently includes the Bit Rate Throttling and Web Playlists extensions for IIS 7.0, which enable you to:
- Save bandwidth costs by throttling the speed at which content is downloaded
- Decrease network traffic by metering your media deliveries
- Monetize media assets with Web playlists that personalize content and prevent ad skipping
- Intelligently deliver multiple media formats from a single server, including .wmv, .flv, and .mp4 files
Rich media usage is exploding on the Web, and seventy percent of videos are delivered from Web servers. IIS Media Pack 1.0 provides media-specific IIS extensions that make Web server delivery of media simple and cost-effective. Building on the security, reliability, and manageability of IIS 7.0, IIS Media Pack 1.0 protects media assets as it increases scalability by supporting more concurrent users per server.
Bit Rate Throttling
Bit Rate Throttling lets Web server administrators meter the delivery of multiple media file types as well as data. By controlling how fast or how much data is downloaded to the client, site operators can see significant bandwidth cost savings for rich media content that has a high drop-off rate. Additionally, by controlling how much data is sent to the client, the number of concurrent users per server will increase.
Web Playlists
Web Playlists let you deliver server-controlled media playlists from your Web server infrastructure rather than using a dedicated streaming server. They enable you to control whether clients can Seek or Skip for each media asset, which lends itself very well to monetizing your content with pre-roll and in-stream ads. Web Playlists also obfuscate the location of media assets from the end user, and prevent client-side caching of those assets.
More extensions
In the future we’ll see more extensions for IIS 7.0; this is just the beginning. A future extension would be Smooth Streaming, which enables adaptive streaming of media to Silverlight clients over HTTP. This provides a high-quality viewing experience that scales massively on content distribution networks.
Download
x86 – 32-bit version
x64 – 64-bit version
Microsoft has released the latest version of the new Microsoft Web Deployment Tool for Internet Information Services (IIS).
It’s the new wonder tool for migrating web servers and sites. In its current form it supports the following features:
- Migrate entire servers or individual sites from one machine to another (IIS6 –> IIS7)
- Sync Servers, Sites, and Applications (IIS6 –> IIS6, and IIS7 –> IIS7)
- Create offline packages that can be used as backups, version control, and deployment units
The new release includes many new cool features, such as:
- An all-new IIS Manager extension that enables you to create and install packages from within IIS Manager. Imagine being able to right click on your Web site, create an offline ‘package’ of the site and all of its configuration, dependencies, etc., and then roll it out over any number of servers, locally or remote.
- Support for ‘delegated’ publishing, which enables Administrators to grant control to developers and Web site owners to do the packaging and publishing without being a machine administrator.
- Support for SQL Server, enabling you to include SQL databases (Schema + Data) as part of your deployment, both live server <-> sync as well as offline packaging.
- Integration with Visual Web Developer Express as part of the upcoming Visual Studio 10 release, which will enable developers to create application packages at development/build time, which can then be deployed directly from within VS (one-click publishing to remote servers!) or offline as part of a staging process.
Download links:
For more information see www.iis.net.
Found this special ISAPI, “WordPress URL Rewrite”; it’s a free ISAPI application for IIS 7.0.
The features are:
- Can run with multiple WordPress installations in an IIS Web Site (for example: / and /MyBlog/)
- Has a configurable path Exceptions list (for example: defining /Forum as an exception would prevent any pages in this folder from being re-written)
- Works with IIS 5.0, 5.1 and 6.0
- Works with WordPress 2.0 or higher
- Easy to set up, easy to maintain
It could be an alternative to Microsoft’s own URL Rewrite module, which I’ve blogged about in an earlier post.
As previously announced on my blog, Microsoft released a new version of the URL Rewrite Module for IIS 7.0 a few weeks ago. The new release is a Go Live release, so we are getting closer to the final release.
The Microsoft URL Rewrite Module for IIS 7.0 provides a flexible rules-based rewrite engine that can be used to perform a broad spectrum of URL manipulation tasks, including, but not limited to:
- Enabling user friendly and search engine friendly URLs with dynamic web applications
- Rewriting URLs based on HTTP headers and server variables
- Web site content handling
- Controlling access to web site content based on URL segments or request metadata
Overview of the features:
- Rules-based URL rewriting engine
- Regular expression pattern matching
- Wildcard pattern matching
- Global and distributed rewrite rules
- Access to server variables and http headers
- Various rule actions
- Support for IIS kernel mode and user mode output caching
- Lower case conversion
- Rewrite maps
- Failed Request Tracing support
- Rule templates
- UI for testing of regular expression and wildcard patterns
- UI for managing rewrite rules and rewrite maps
- GUI tool for importing of mod_rewrite rules
For a full list and explanation of features of the URL Rewrite Module, see this post.
It’s available for download: