Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security
When you start to play with Windows Server 2016 and IIS 10, you’ll receive an error when you try to install the IIS URL Rewrite Module in IIS. The error occurs because the URL Rewrite Module installer contains an invalid version check for the IIS being used. Here is how to install IIS URL Rewrite …
How to fix the URL Rewrite Module error “Rewrite error: Expression contains a repeat expression” on Windows Server IIS.
Extensionless URLs in IIS Sometimes it’s important to remove -or hide- the file extension of scripts you use. Security by obscurity might be that reason, if you don’t want others to know what script language you are using for your website, or for static site hosts. This example will hide the .php extension using the …
Here are 3 ways of blocking access to a PHP sendmail.php script on your Windows Server IIS webserver. This comes in handy if a websites on your webserver sends out spam and you need to block access to a script on a specific website or globally in IIS. You can use a web.config file for …
When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s config.js file. This happend to me yesterday, and here is the solution.
Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file!
Rewrite and proxy HTTP requests in IIS using a .htaccess In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard …
Set up HTTP Strict-Transport-Security (HSTS) in Windows Server IIS 10. Scott Hanselman wrote a great post on how to enable HTTP Strict-Transport-Security (HSTS) on IIS web servers, and here is some more technical information about HSTS in IIS, and other security headers…
Learn how to set up website DDoS protection with .htaccess and mod_evasive on Windows Server IIS Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic …
How to remove Server and other HTTP response headers in Windows Server IIS and ASP.NET. Using web.config files. You don’t want to give hackers too much information about your servers, heh? ;-)
Saotn.org uses used URL Rewrite Outbound Rules in IIS, to offload content from a different server and/or host name. This is also known as IIS with URL Rewrite as a reverse proxy, and should improve website performance. Just recently I noticed Outbound Rules conflicted with gzip compressed content. The following HTTP 500.52 URL Rewrite Module …
This post describes the steps necessary to install Node.js and Ghost on Windows Server IIS. Ghost is a Node.js web application, specific for just blogging. To run Node.js applications in IIS, you need iisnode as a module. Here is how to install all of this.
Use these IIS Outbound Rules to offload javascript and CSS stylesheets. Here’s how to create a Content Delivery Network (CDN) using IIS outbound rewrite rules. Offload your static content and speed up your website with these tips. Offloading content is important for the performance of your website, because then content is downloaded in parallel and …
How to remove the ETag response header in IIS as Yahoo! YSlow recommends? Yahoo! YSlow recommends removing Entity tags – also known as ETag. Unfortunately removing the ETag response header is not an easy task on Windows Server IIS web servers. Here I show you how to properly remove ETag HTTP response headers with an …
Multiple vulnerabilities found in IIS 6.0 and 7.5 web servers. On the Full-Disclosure mailinglist Kingcope posted several IIS 6.0 and 7.5 bugs. Because I am a Windows Server and IIS admin, I took some time to test the various vulnerabilities …
