How do you disable DES-CBC3-SHA with Windows 2008r2?
I have been trying to block the ability to connect via DES-CBC3-SHA (168)Currently i have reg keys for DES 56/56 , DES 168/168, Triple DES 168/168 all with keys of Enabled Dword 0 Howerver (and this is...
View Article[2008 R2] Permission denied
hi all, hope in your help.I've in my machine with windows server 2008 R2 this folder c:\inetpub\wwwroot\applicationWWW.For this folder applicationWWW in server web IIS 7 setup I've the Windows...
View Articlephp_printer.dll Windows Autentication IIS8 trouble
Hello everyone,I've been struggling to migrate my website from IIS6 on 2003 server to a more modern windows server 2012. Everything went well uptil the point of getting a php extension php_printer.dll...
View ArticleASP.NET not working with DNS name
Hi,I have asp.net web application using windows authentication. The website is running in IIS7. Server Name: MyServer01 DNS Name: Intranet (This name "Intranet" is pointing to IP address of...
View ArticleCan't setup a testing server because I'm not the administrator (but I am)
HelloI am using Dreamweaver and am trying to set up a testing site using IIS. I can’t get it set up. It says I don’t have administrative privileges. I am the administrator. This is a home computer...
View ArticleOpening port 443 to a small business IIS server
Hello,I'm fairly knowledgeable about setting up Windows servers, workstations, etc. I'm not well versed in the security side of the process. I know the basics: do updates, up-to-date protection,...
View Articleclient certificate configuration
Hi,I'm trying to securise a web access using clients certificates.But when I pass my IIS in "require" (for the client certificat), I've got a 403How I tried to configure it :1) creating a CA...
View ArticleNew SSL Certificate not refreshing
I have a website running on an IIS 7.5 server, Windows 2008 R2. I imported a wildcard certificate which expires 11/2013, and bound it to the website, on port 443. Everything worked fine. I renewed...
View Articledynamic ip restriction does not work in proxy mode
Hi, I installed and configured the dynamic IP restrictions module but I can't make it work yet. What I want is to restrict the access of external requests to a virtual folder in one of my web apps,...
View ArticleModsecurity on IIS 7.0
Hello,Anyone have any luck getting ModSecurity to work on IIS 7.0? I am downloaded the installer from modsecurity.org, installed it and configured it according to the instructions and I cannot get it...
View ArticleTLS 1.2 w/ECDHE&GCM on IIS 7.5
EDIT: I think I made a stupid mistake, see my next post Apologies in advance for the long post. Typically I work more with LAMP servers (on which I have accomplished my goal using newer versions of...
View ArticleIIS 8 - Directory Browsing
Hello,I am creating an IIS site that does pass through authentication based on users Windows account that they are currently logged into the domain on to a DFS Share in our domain. I am having an...
View ArticleII7.5 Complete Certificate Request Dissapears
Hi EveryoneA frustrating afternoon and morning indeed, but I hope someone can help shed some light on this strange oddity. So I have a new wildcard certificate from GoDaddy (*.company.com) followed...
View ArticleIUSR account, give some of the administrator right
Hi everyone,I was wondering something about the IUSR account and I didn't find a better place to discuss it than here.I understood that giving administrator right to the IUSR account is a really bad...
View ArticleApplicationppool identity custom account Vs Application Connect us Specific User
Hi ,I am really confused the use of Custom account in application pool and in the webapplication connect as specific user.And how the windows authentication works if we use the above accounts.What is...
View ArticleWrite access for the ApplicationPoolIdentiy
Hi,I have a application pool named test. I want to give write access on an specific folder on my web server. My server is also domain controller for this test environment. I want to add the rights in...
View ArticleRemoving HTTP headers for security and URLScan 3.1
Hi,I am in search of a simple solution to remove HTTP headers from HTTP responses on IIS 7.5.I have read the details about URLScan 3.1 and feel that it's too much of an overkill, especially if I have...
View ArticleRemoving IIS 7.5 unwanted headers from HTTP response.
Hello everybody,I installed Windows server 2008 R2 (x64) web edition with IIS 7.5. For each web site I created custom module to remove unwanted headers.Module code: using System; using System.Web; ///...
View ArticleIssue with connection string
I am a sql server DBA. I am not completely aware of how IIS recognizes a sql server windows login credentials.This is for our testing only and doesnt reflect any prod or development env's. Right now we...
View ArticleModSecurity 2.7.5 on IIS 7
Hello I want to use ModSecurity 2.7.5 on my IIS 7, is it possible to enable the module global for all sites?Thank you
View Article