Set up and enable HTTP Strict-Transport-Security (HSTS) in Windows Server IIS 10 web servers. And here is some more technical information about HSTS in IIS, and other security headers…
By default, an IIS application pool (or “AppPool”) recycles on a regular time interval of 1740 minutes, or 29 hours. Sometimes you want to change this regular time interval to a specific time schedule. And when you try to configure this in IIS Manager, it gives you an error. Luckily, AppCmd and PowerShell come to the rescue!
In this post I provide you with various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache, in web.config and .htaccess. Use these examples to your advantage to secure the traffic between your visitors and your website.
Joomla websites using the Googlemaps plugin for Joomla are actively abused as an open proxy for launching Denial-of-Service (DoS) attacks. The problem with the Joomla Googlemaps plugin lies in the fact that anyone can execute cURL HTTP requests to remote websites.
Learn how to set a good PHP realpath_cache_size and optimize your PHP performance. Increasing realpath_cache_size might greatly improve PHP performance, as PHP states: “this value should be increased on systems where PHP opens many files.” Setting a correct value for PHP realpath_cache_size can greatly improve PHP performance and optimize WordPress – and other CMS’s – websites.
Here is how to start stopped application pools on IIS with AppCmd or PowerShell in a loop.
In my routine, I occasionally have to start multiple website application pools when they are in a stopped state, on more than one web server. Being a lazy system administrator, I find it too much work to log on to every server. Therefore I start those application pools in a loop. A condition for me to start application pools is that the IIS ApplicationPool.AutoStart Property is set to true. This is because I set autostart to false when I disable hacked websites, and those application pools may not be started until all problems are resolved, of course.
Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.
Remove HTTP response headers in Windows Server IIS 10 and ASP.NET, because Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the Server header in the HTTP response. Here is how to remove Server and other HTTP response headers in Windows Server IIS and ASP.NET, using web.config files. You don’t want to give hackers too much information about your servers, heh? ;-)
When a Windows Communications Foundation (WCF) web service returns a 404 Not Found error, …
As you know, more and more web hosting providers require SMTP authentication (often abbreviated as SMTP AUTH) and a TLS encrypted connection to send email. Here you’ll find some script examples to Send secure SMTP email from your website.
How to install WebSocket Protocol support in IIS through PowerShell’s Install-WindowsFeature cmdlet. Simply install and enable support for the WebSocket protocol on Windows Server IIS.
Sometimes it’s important to remove (or hide) the file extension of scripts you use. Security by obscurity might be that reason, if you don’t want others to know what script language you are using for your website, or for static site hosts. This example will hide the .php extension using IIS URL Rewrite Module, in a ready to use web.config & .htaccess example: extensionless URLs in IIS.