web-config

How to optimize Umbraco 8 performance

Out of the box, Umbraco is a well built and pretty fast content management system. However, it is still important you perform some steps to further optimize Umbraco's performance and loading speed. Here on Sysadmins of the North, I wrote about 11+ tips to optimize Umbraco 7 CMS earlier, and in this post I write about implementing them in Umbraco 8.

Read more...

3 Ways of blocking sendmail.php on IIS webserver

Here are 3 ways of blocking access to a PHP sendmail.php script on your Windows Server IIS webserver. This comes in handy if a websites on your webserver sends out spam and you need to block access to a script on a specific website or globally in IIS. You can use a web.config file for this purpose, and here is how.

It is important to know how to block access to files in Windows Server IIS, for example to prevent or stop spam mails from being sent. In this post I show you three methods to block access to a PHP file called "sendmail.php".

Read more...

How to add a trailing slash in Umbraco 8

This article shows you how to add a trailing slash to URL's in Umbraco 8, using IIS URL Rewrite Module, without breaking the Umbraco backend. Forcing one particular URL avoids duplicate content, which is important for SEO.

Read more...

Disallow direct access to PHP files in wp-content/uploads/

It's recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how.

Read more...

Basic Authentication module for Windows Server IIS 10

Basic Authentication managed HTTP module for IIS 10 with virtual users support. In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It's apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for virtual users.

Basic authentication is a mechanism for a browser or other HTTP user agent to provide credentials when making a request to the server. This mechanism is supported by all major browsers and all major web servers. In the context of .NET web development, we have an IIS web server that provides basic authentication against Windows accounts on the server machine store or Active Directory.

Read more...

Protect WordPress from brute-force XML-RPC attacks

The WordPress XML-RPC API has been under attack for many years. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks, optionally still being able to use (some of) its functionality like Jetpack? This post gives you some insights.

Read more...

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You'll learn the important steps to move WordPress from http to https in this post.

Read more...

Ghost on IIS with HTTPS, how to resolve a "Too many redirects" error

When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost's config.js file. This happend to me yesterday, and here is the solution.

Read more...

HackRepair.com's Bad Bots .htaccess in web.config for IIS

Learn to protect your WordPress website with this web.config file

Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file!

Read more...

IIS URL Rewrite "Rewrite Module error: Expression contains a repeat expression"

The other day, I had to migrate a website from a Linux / Apache web server to Windows Server IIS. Yes, that type of migration happens too, sometimes. The website in question had a lot of sub domains, all pointing to folders within the web root using that same name: foobar.example.com would redirect (rewrite) to www.example.com/foobar.

Read more...

iis (80) powershell (73) php (55) mysql (37) windows (33) performance (27) web-config (23) Website (22) wordpress (22) linux (22) htaccess (20) aspnet (19) url-rewrite-module (19) sql-server (18) bash (18) optimization (18) ssl (17) plugin (14) windows-10 (13) monitoring (11) windows-server (11) devops (10) appcmd (10) security (9) wsl (9) windows-update (9) smtp (9) wincache (9) wmi (8) zabbix (8) windows-server-2019 (8) opcache (8) openssh (7) database (7) dism (7) windows-server-2016 (7) functions-php (7) iis-60 (7) sysops (6) wsus (6) apache (6) hyper-v (6) virtualization (6) spam (6) classic-asp (6) ddos (6) windows-server-2003 (6) password (5) email (5) active-directory (5) joomla (5) command-line (5) application-pool (5) blacklist (5) t-sql (4) wql (4) windows-server-2022 (4) https (4) group-policy (4) backup (4) connector-net (4) debug (4) logparser (4) network-adapter (4) dns (4) query_cache (4) ghost (4) iisnode (4) node-js (4) vbscript (3) windows-firewall (3) brute-force (3) ftp (3) postfix (3) forensics (3) benchmark (3) xss (3) disk-cleanup (3) disk-space (3) windows-server-2012-r2 (3) denial-of-service (3) sql-injection (3) net-core (2) visual-studio (2) windows-defender (2) rdp (2) connector-odbc (2) c (2) mysqldump (2) xml-rpc (2) smb (2) cross-site-scripting (2) innodb (2) httpbl (2) centos (2) magento (2) deployment (2) windows-deployment-services (2) mysqli (2) open-xchange (2) waf (2) web-application-firewall (2) openssl (1) windows-11 (1) ipv6 (1) networking (1) sqlce (1) tinymce (1) kvm (1) http-3 (1) quic (1) wmsvc (1) database-mirroring (1) service-principal-names (1) spn (1) jetpack (1) api (1) hack (1) kms (1) windows-server-2008-r2 (1) red-hat (1) varnish-cache (1) elasticsearch (1) dhcp (1) jquery (1)