How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10

IIS URL Rewrite Module installation error IIS 10

When you start to play with Windows Server 2016 and IIS 10, you’ll receive an error when you try to install the IIS URL Rewrite Module in IIS. The error occurs because the URL Rewrite Module installer contains an invalid version check for the IIS being used. Here is how to install IIS URL Rewrite …

Read more

How to hide the .php file extension with IIS URL Rewrite Module

Extensionless URLs in IIS Sometimes it’s important to remove -or hide- the file extension of scripts you use. Security by obscurity might be that reason, if you don’t want others to know what script language you are using for your website, or for static site hosts. This example will hide the .php extension using the …

Read more

3 Ways of blocking sendmail.php on IIS webserver

Here are 3 ways of blocking access to a PHP sendmail.php script on your Windows Server IIS webserver. This comes in handy if a websites on your webserver sends out spam and you need to block access to a script on a specific website or globally in IIS. You can use a web.config file for …

Read more

Ghost on IIS with HTTPS, how to resolve a “Too many redirects” error

Ghost logo

When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s config.js file. This happend to me yesterday, and here is the solution.’s Bad Bots .htaccess in web.config for IIS

Jim Walker from posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file!

RewriteProxy with .htaccess in IIS

Rewrite and proxy HTTP requests in IIS using a .htaccess In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard …

Read more

How to enable HTTP Strict-Transport-Security (HSTS) on IIS

Enable HSTS in IIS website

Set up HTTP Strict-Transport-Security (HSTS) in Windows Server IIS 10. Scott Hanselman wrote a great post on how to enable HTTP Strict-Transport-Security (HSTS) on IIS web servers, and here is some more technical information about HSTS in IIS, and other security headers…

Mod_evasive on IIS

Learn how to set up website DDoS protection with .htaccess and mod_evasive on Windows Server IIS Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic …

Read more

IIS Outbound Rules with gzip compression uses used URL Rewrite Outbound Rules in IIS, to offload content from a different server and/or host name. This is also known as IIS with URL Rewrite as a reverse proxy, and should improve website performance. Just recently I noticed Outbound Rules conflicted with gzip compressed content. The following HTTP 500.52 URL Rewrite Module …

Read more

Install Node.js, iisnode module and Ghost on Windows Server / IIS

This post describes the steps necessary to install Node.js and Ghost on Windows Server IIS. Ghost is a Node.js web application, specific for just blogging. To run Node.js applications in IIS, you need iisnode as a module. Here is how to install all of this.

Create your own CDN using IIS Outbound Rules

Use these IIS Outbound Rules to offload javascript and CSS stylesheets. Here’s how to create a Content Delivery Network (CDN) using IIS outbound rewrite rules. Offload your static content and speed up your website with these tips. Offloading content is important for the performance of your website, because then content is downloaded in parallel and …

Read more

Remove ETags HTTP response header in IIS

How to remove the ETag response header in IIS as Yahoo! YSlow recommends? Yahoo! YSlow recommends removing Entity tags – also known as ETag. Unfortunately removing the ETag response header is not an easy task on Windows Server IIS web servers. Here I show you how to properly remove ETag HTTP response headers with an …

Read more

Show Buttons
Hide Buttons