Backup and restore IIS configuration with appcmd
If you are using Windows Server IIS as your web server software, it is important to make regular backups. Luckily, using
appcmd this is quite easy.
Just a quicky: Start all stopped application pools in IIS that have the autostart property set to true. Easily with appcmd or the IISAppPool cmdlet that’s available in the IISAdministration PowerShell module. And here is how.Continue reading
When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s
config.js file. This happend to me yesterday, and here is the solution.
In this article I’ll show you how to install the Microsoft SQL Server Driver for PHP 7+. This makes the use of an SQL Server database back-end for your PHP website easy. If you want to communicatie with SQL Server using PHP you need to rely on some additional software and PHP extensions. This post walks you through the steps necessary to install the SQL Server driver and SQLSRV extension for PHP 7+, on Windows Server IIS of course.Continue reading
Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this
How to fix the URL Rewrite Module error “Rewrite error: Expression contains a repeat expression” on Windows Server IIS.Continue reading
Using Windows Server File Server Resource Manager‘s File Screens you can block vulnerable WordPress plugins from being saved on your IIS web server. In the following example, you’ll learn how to block WP DB Backup plugin system-wide on Windows Server, read on…Continue reading
Rewrite and proxy HTTP requests in IIS using a .htaccess
In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a
.htaccess file handled by Helicon Ape.
Tune OPcache and make PHP OPcache perform even better! Now that you’ve optimized PHP realpath_cache_size, it’s time to fine-tune OPcache. With just a few tweaks you can tune PHP OPcache to make it perform much better, and here is how…Continue reading
Set up HTTP Strict-Transport-Security (HSTS) in Windows Server IIS. Scott Hanselman wrote a great post on how to enable HTTP Strict-Transport-Security (HSTS) on IIS web servers, and here is some more technical information about HSTS in IIS (and other security headers)…Continue reading
By default, an IIS application pool (or “AppPool”) recycles on a regular time interval of 1740 minutes, or 29 hours. One reason for this time interval is that application pools don’t recycle at the same moment every day (every day at 07.00 for example). However, sometimes you want to change this regular time interval to specific times. And when you try to configure this in IIS Manager, it gives you an error. Luckily, AppCmd and PowerShell come to the rescue!Continue reading
An HTTP to HTTPS redirect on IIS is often better left to the web server, with a simple httpRedirect redirection, than to a resource expensive URL Rewrite. This is easily done in a web.config IIS website configuration file. Where possible, use the IIS
httpRedirect element for a HTTP to HTTPS redirection, and here is how:
PHP 7 with OPcache in IIS Express for WebMatrix 3: learn how to create your own PHP development environment easily with Microsoft WebMatrix and IIS Express and your own custom PHP version. Note: this guide also applies to newer PHP versions, just change the version numbers.Continue reading
Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.Continue reading