Search Results

Search found 4644 results on 186 pages for 'iis7 rewrite'.

Page 71/186 | < Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78 | Next Page >

Attempted hack on VPS, how to protect in future, what were they trying to do?

- by Moin Zaman

UPDATE: They're still here. Help me stop or trap them! Hi SF'ers, I've just had someone hack one of my clients sites. They managed to get to change a file so that the checkout page on the site writes payment information to a text file. Fortunately or unfortunately they stuffed up, the had a typo in the code, which broke the site so I came to know about it straight away. I have some inkling as to how they managed to do this: My website CMS has a File upload area where you can upload images and files to be used within the website. The uploads are limited to 2 folders. I found two suspicious files in these folders and on examining the contents it looks like these files allow the hacker to view the server's filesystem and upload their own files, modify files and even change registry keys?! I've deleted some files, and changed passwords and am in the process of trying to secure the CMS and limit file uploads by extensions. Anything else you guys can suggest I do to try and find out more details about how they got in and what else I can do to prevent this in future?

Read the article
Deleting files using .NET that were migrated from win2k3

- by Andrew Duncan

We recently migrated an ASP.NET website from Windows 2003 to Windows 2008 R2, by zipping up all the files and extracting them to the new site. Since migrating the web application is still able to upload and delete files (that are new), however, it's unable to delete files that were copied from the original Win 2k3 app. We're guessing it's a permissions problem because the error is: Access to the path 'E:.......PATH.....' is denied. We've been trying to match the permissions of a newly uploaded file to that of a migrated files. Newly uploaded files seem to get the APP POOL user as a permission and the OWNER. However, the original files didn't have this. Any help that anyone can be would be fantastic. Thanks,

Read the article
Handling emails on a web server - Making sure the FQDN is set correctly based on the website sending the email

- by webnoob

I have a Windows 2008 Web Edition server hosting multiple websites using IIS 7.5. At the moment, all the emails are sent via the IIS6 SMTP service. The FQDN of the SMTP service is set to the computer name at the moment which isn't correct as it doesn't resolve to a valid DNS entry and is not RFC compliant. Some questions: Is there any way I can change the FQDN of the SMTP service based on the site sending the email? Would it be Ok to just setup mailserver.mydomain.com and use that as the FQDN for all the sites on multiple domains. Should I be using some other mail server software to handle this better? The reason I am asking is lots of emails are hitting spam folders because the settings are incorrect. I have access to the code that is running the websites so if something needs to be done there then that shouldn't be a problem. The sites are written using ASP.NET 2.0. EDIT: I have just found an option to create an SMTP virtual service. Would this be the way forward? Create a virtual server for each site? Thanks.

Read the article
w3wp.exe process QueryFile failure on Sysinternal Process Monitor

- by win08r2newbie

I am running the Process Monitor tool from sysinternals and I see a lot failures from IIS (w3wp.exe) with Operation QueryFile having a result of "NO SUCH FILE". They are all images in the applications themes directory with web.config appended! example: C:\inetpub\wwwroot\mywebapp\App_Themes\blueTheme\images\icon.png\web.config

Read the article
Should I impersonate PHP via FastCGI?

- by AKeller

I am installing the latest version of PHP onto IIS 7.5 via FastCGI, and all of the instructions say that FastCGI should impersonate the calling client by setting fastcgi.impersonate = 1 If my website will have this configuration dedicated application pool application pool identity of ApplicationPoolIdentity anonymous authentication only (as IUSR) why do I want to impersonate? I come from an ASP.NET background, where the IUSR gets read-only permissions and the application pool identity gets any write permissions. Giving write access to the IUSR usually opens the door for WebDAV vulnerabilities. So I hesitate to let PHP run as the IUSR. I can't find many people asking this question (1 | 2) so I think I must be missing something. Can someone clarify this for me?

Read the article
embedded tomcat 7 behind iis 7.5 proxy ssl problems

- by user1058410

I'm using embedded tomcat 7 behind a iis 7.5 proxy server, with requests being forwarded to tomcat with arr. Everything works fine unless iis is set to require ssl. Then things like links that are generated dynamically in .jsp files on tomcat don't work right. For example if a link is supposed to point to _https://somewhere.com:443 it will be wrote as _http://somewhere.com:8080 (8080 is the port tomcat is running on). The problem seems to come from when tomcat looks at itself to build out the url it sees correctly that it is running on _http://somewhere.com:8080, but i need it to think otherwise. Does anybody know how to accomplish this without using ssl between iis and tomcat? Sorry for the underscores in front of the imaginary urls.

Read the article
Why my webservice not live on internet? [closed]

- by blankon91

I've windows server that goes live on internet, (e.g. www.mysite.com). Then I want to create another site with different port (e.g. www.mysite.com:502). I've create that and it works when I access it on local network, but when I access it from outside of local network (internet) the www.mysite.com:502 can't accessed but the www.mysite.com can accessed. what should I do to make www.mysite.com:502 goes online? I use windows server 2008 standard

Read the article
Diagnose cause of long running requests in IIS 7.0

- by Shlomi Fruchter

We are running an ASP.NET web application on IIS 7.0, Windows Server 2008 R2, with SQL Server 2008 R2 for DB. On weekends, when the traffic is high, the request queue length in the IIS servers increase (up to 800 requests) and then drops, every minute or so. I can see that the servers are handling some requests which, according to the 'Current Requests' view in IIS Manager, are long running (thier Time Elapsed value ranges from 20 to 50 seconds). Those requests are not necessarily heavy queries, actually, I can't understand why they are taking so long. Can it be because the client is closing the connection on his side? Thanks, Shlomi

Read the article
Cache Control Headers with IIS 7.5

- by Brad

I'm trying to wrap my head around client side (web browser) caching and how it works in relation to IIS 7.5 cache control headers. In particular: If we want to force clients to reload cached resources, how must IIS be configured? Do we need to set expire web content immediately if the resources on the server have a more recent Modified Date (or ETag value)? Right now we're not setting any cache headers. So if I set a cache header of no-cache (which I think is the equivalent of expire web content immediately) will that force the web browser to obtain a new version of a particular file. Or will the browser only request a new version after it deems its current copy to be stale and then from that point forward not cache it? Would a best practice be to set a cache control flag of 1 week, then 8 days before I know I am going to make a change set the cache control down to for instance 30 minutes? But if I do that and then need to immediately expire an item from users caches because there was an issue with it how do I do that?

Read the article
Force encoding with IIS 7

- by Cédric Boivin

I try to force encoding with IIS 7. When I add in the http response headers the key : Content-Type and value charset=utf-8 i got this key content-type : text/html,content-type=utf-8 it's there a way to remove the comma ?

Read the article
FTP Logs in IIS 7.5

- by Jacob84

I know this is weird, but the thruth is that I can't find the FTP logs in one IIS 7.5 Server. In the IIS Management Console, I've gone to the server, click on FTP Logging that appears inside FTP group (with other options like FTP Messages and FTP Request filtering). Seems that the configured folder for logs is: C:\InetPubFolder\logs\LogFiles If I go there, I can find a lot of folders with the structure W3SVC#, where # it's a number. They all contain logs, but they are HTTP logs, plenty of GET and POST verbs. Am I missing something? The server contains a lot of domains and It's hard to find.

Read the article
SMTP and IIS maild from my website

- by RupDog

Hi, I am using the free version for Google Apps to host my mail. I want to set is so that mail is routed via google apps as this will give me a much better reputation and mail will not go to the spam folder as much. Doe anyone know how this is done? Would I need to setup IIS to do this? The site is writeen in C# ASP.NET. So Could I perhaps just update the web.config file to route mail via google apps?

Read the article
Office documents on intranet all requiring second login and can't pass auth? Disable webdav?

- by DOTang

I am not sure what is going on, but recently all the Office documents on our intranet get prompted a second time for login and according to the error logs it looks like it's trying to use webdav to open (an editable?) version of the document to save directly on the server? We have no sharepoint server setup or anything, but this shouldn't be happening. All I want is for the document to be saved or opened from a local copy in temp like normal. Here is the log: Line 57499: 2011-04-12 15:57:10 (ip) OPTIONS (address) - 443 (username) (user ip) Microsoft-WebDAV-MiniRedir/6.1.7601 - 401 1 1326 1525 238 0 Line 57500: 2011-04-12 15:57:10 (ip) OPTIONS (address) - 443 (username) (user ip) Microsoft-WebDAV-MiniRedir/6.1.7601 - 401 1 1326 1525 238 0 Line 57501: 2011-04-12 15:57:10 (ip) OPTIONS (address) - 443 (username) (user ip) Microsoft-WebDAV-MiniRedir/6.1.7601 - 401 1 1326 1525 238 0 The log basically contains a bunch of these. How can I disable this behavior so that office documents that are downloaded aren't attempted to be used through webdav?? Edit: I should clarify behavior, it asks if you want to save or open it, upon choosing open open, it asks to re-authenicate, you put in the user information and the login box comes up 3 times acting like you entered the wrong password. For some users, after passing the login box the third time, it still opens up, for others their browser just locks up. It also doesn't even look like webdav is installed on our server, I see no config options in IIS for it as outlined on this page: http://learn.iis.net/page.aspx/350/installing-and-configuring-webdav-on-iis-7/#001

Read the article
Force encoding with IIS 7

- by Cédric Boivin

I try to force encoding with IIS 7. When I add in the http response headers the key : Content-Type and value charset=utf-8 i got this key content-type : text/html,content-type=utf-8 it's there a way to remove the comma ? Thanks Justin for your answer. But it's seen don't work. There is my config, i need to do that for asp classic. <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <staticContent> <remove fileExtension=".html" /> <remove fileExtension=".hxt" /> <remove fileExtension=".htm" /> <remove fileExtension=".asp" /> <mimeMap fileExtension=".htm" mimeType="text/html" /> <mimeMap fileExtension=".hxt" mimeType="text/html" /> <mimeMap fileExtension=".html" mimeType="text/html" /> <mimeMap fileExtension=".asp" mimeType="text/html; charset=UTF-8" /> </staticContent> </system.webServer> </configuration>

Read the article
IIS - Script for repeated hacks on a website

- by dodegaard

I currently have a site that is armored by ELMAH as its reporting mechanism. Each time someone hits a URL that is incorrect it notifies me or logs to the system. This is annoying for someone fat-fingering the URL with a misspelling but great when a hacker is trying to crack a site of mine. Has anyone ever written a script for IIS 7 on Win 2K8 that blocks an IP based on repeated attempts to hit a website? I've looked at Snort and other IDS systems but if I could get a script that could be linked to my ELMAH system it might be the perfect thing. PowerScript, etc. is what I was thinking. Hints and recommendations are wonderful and if you think a true intrusion detection system is recommended give me your ideas. Thanks in advance.

Read the article
Will restarting the W3SVC Web Publishing Service, also restart the app pool in IIS?

- by Mark Rogers

Background: I'm trying to stop and start IIS on a windows 7 build box, in order to run acceptance tests. But from what I have read, most of the remote web management features have been disabled by Microsoft in a retarted attempt to sell more Windows Server 2008 licenses. Still for some reason they didn't disable the least user-friendly ways of controlling IIS remotely, but they are all a total pain. What I can do easily is remotely stop and start the WWW service from a msbuild task. But I want to be sure that this also restarts the app pool, so that when I copy in new web files the web server there will be serving the most recent version of the website. Question: If I restart the W3SVC windows service, will that also restart the app pool?

Read the article
Warming up an IIS Application Pool automatically?

- by Michael Stum

So IIS likes to shut down app pools that aren't in use. While this makes sense, I would like to have certain app pools conterminously running, but I don't want to just disable the automatic app pool restart as some of the settings (e.g., maximum memory limit) are good to have. I know that Microsoft announced the IIS Application Warmup module as an IIS 7.5 feature only then to do a Bait & Switch and pull it again so that they can put it in IIS 8 instead, so I wonder if something exists to run on IIS 7.5/Windows 2008 R2?

Read the article
Can only connect to IIS site through localhost

- by Rembrandt Q. Einstein

I'm building a web service for my company's iPhone application, and everything's been working smoothly by running tests through localhost on the development machine. I'm now in the phase where I need to test connections from other computers within the network, and any connection other than localhost gives me a 404. My internal IP, 127.0.0.1, and computername all get 404 when connecting from any computer, either the one the site's hosted on or any others on the network. Telnet can get through to port 80, and I've temporarily disabled all firewalls on this machine (I do not have control over the external firewall, but I'm only testing connections within the network) Does anyone have a clue why this is happening? I was able to connect to the web service from other computers when hosted on a Mac via Apache, but because I'm now using a SQL Server connection I'm restricted to using IIS for Windows Authentication. Googling only provided answers related to firewalls, and mine is disabled note: I cannot use Anonymous Authentication, but even in testing that it did not affect the issue.

Read the article
Overrideen ASPNet.config does not apply for legacyImpersonationPolicy

- by Grumbler85

I tried to override the <legacyImpersonationPolicy> Element, so a single application, will enable this policy (which is necessary, since this application breaks if disabled). So my Framework64/aspnet.config states: <configuration> <runtime> <legacyUnhandledExceptionPolicy enabled="false" /> <legacyImpersonationPolicy enabled="false" /> <alwaysFlowImpersonationPolicy enabled="false" /> <SymbolReadingPolicy enabled="1" /> <shadowCopyVerifyByTimestamp enabled="true"/> </runtime> <startup useLegacyV2RuntimeActivationPolicy="true" /> </configuration> And a local aspnet.config file has this change: <legacyImpersonationPolicy enabled="false" /> Procmon tells me the file is read by the w3wp.exe, but the settings will not apply. Can anyone point out a way how to correctly override the setting? *The Server has been restarted meanwhile, but still no changes.

Read the article
Force .js files saved in ANSI encoding to show in UTF-8 on IIS 7.5

- by Xcarpa

I'm migrating a web system that now works on windows server 2003 IIS 6, to IIS 7.5 on windows 2008 server This system generates javascript files with accented characters in ANSI (Portuguese - Brazil). These javascripts shows for example alert messages. In IIS 6 I have no problem with that, but now using IIS 7.5 if those files are not in UTF-8, the accented characters do not appear correctly. Do we have any way to force these files, even in ANSI, to be processed by IIS 7.5 as UTF-8 ? Thank you ! Cheers Xcarpa

Read the article
Enable POST on IIS 7

- by user26712

Hello, I have a WCF service that requires POST verb. This service is hosted in a ASP.NET application on IIS 7. I have successfully confirmed that GET works, but POST does not. I have the following two operations, GET works, POST does not. [OperationContract] [WebInvoke(UriTemplate = "/TestPost", BodyStyle = WebMessageBodyStyle.Bare, RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)] public string TestPost() { return "great"; } [OperationContract] [WebGet(UriTemplate = "/TestGet", BodyStyle = WebMessageBodyStyle.Bare, RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)] public string TestGet() { return "great"; } When I try to access TestPost, I receive a message that says: "Method not allowed". Can someone help me configure IIS 7 to allow POST requests? Thank you!

Read the article
PHP processes run one at a time, always taking 100% of one core

- by Derek Kurth

We have seven websites written in PHP running on a Windows 2008 server with IIS 7.5. They are all very slow right now. When I look in Task Manager, I see around 10 php-cgi.exe processes, and they are all taking 0% of the CPU, except one, which is taking 25%. It's a quad-core server, so it's taking 100% of one core. If I watch for a few seconds, the process taking 25% will go to 0%, and a different php-cgi.exe process will jump to 25%. So all the php-cgi.exe processes are just lined up, waiting on a single core, and each process uses 100% of the processor when it can. Each of the 7 sites is in its own application pool in IIS, and we're using FastCGI. The PHP version is 5.3. Any ideas? Thanks!

Read the article
IIS 7.5 Limit folder access to local users

- by Kyle

Is there any way I can limit a folder (and everything recursively down) in my webroot to local access only (i.e. requests from 127.0.0.1)?

Read the article
Multiple SSL on same IP [closed]

- by kadourah

Possible Duplicate: Multiple SSL domains on the same IP address and same port? I have the following situation: first domain: test.domain.com IP: 1.2.3.4 Port: 443 SSL: Purchased from godaddy and specific to that domain Works fine no issues. I would like to add another site: test2.domain.com IP: the same Port: can be different SSL: different since I can't use the SSL above because it's specific to the site above. Now, when I add the HTTPS binding to the second site with IP:Port combination it appears to always load the first SSL ignoring the second certificate. How can I add second SSL binding to the same IP using a "different" certificate? Can this be done?

Read the article
SQL connection is too slow

- by user66905

We have a business web application in ASP.NET + SQL Server 2008. In the beginning, SQL Server and IIS were on the same machine. Now we bought another machine. Current configuration is IIS machine plus SQL Server machine, and they are connected by a 1gb LAN connection. With this configuration our web application is slower than before. Max bandwidth is 1-2% of network, about 15mbps. When we use another threads to the same SQL Server from the same IIS machine, network use is higher. So this is no problem with SQL Server. Ho we can make higher bandwidth for this SQL connection? Specs: .Net 3.5 SQL Server 2008 Standard file transfer can use 100% of LAN SQL connection by TCP/IP protocol SQL logins Pool tested with enable and

Read the article

< Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78 | Next Page >