Web Server HTTP Dangerous Method Detection
The PUT method allows an attacker to upload arbitrary web pages on the server. If the server is configured to support scripts like ASP or PHP, it will allow the attacker to execute code with the...
View ArticlePOST request parameter length
Hi,We have an IIS 7.0 on Windows Server 2008 which redirects requests to a Web app installed on a Tomcat in the same machine. We have a problem administering the application permissions: when we add an...
View ArticleApplication Pool Identity vs Custom Account
Hi you guys,I would like to figure out the advantages and disadvantages of using Application Pool Identity (in Built-in Account) vs Custom Account?Which should be used for security configuration?Hope...
View ArticlePassword protect ALL files in a single directory - probably with web.config file
I have been googing around on this for hours and days and I know it must be simple.The closest I got was to protect the folder, but after setting up this web.config file, individual files inside the...
View ArticleError: ASN1 bad tag value met. 0x8009310b(ASN: 267) when installing a...
Hello... Is anyone seen this error when attempting to install a VeriSign chain certificate using IIS 7 server? CertEnroll:CX509Enrolment:p_InstallResponse: ASN1 bad tag value met. 0x8009310b(ASN: 267)...
View ArticleDisable SSL v2 in IIS7?
I saw and read http://support.microsoft.com/kb/187498 It states that it is the same for IIS 7 on 2K8, but when I looked in the registry I only saw the Key for SSL 2.0 and no other versions, then...
View ArticleUnderstanding NTLM prompt negotiate intranet sites/IIS7 configuration and...
Hi there,IIS7.5 - site using integrated, .net 4, "AppPoolIdentity"I have to say, I really don't grok "classic/integrated" and all the differences between "Local System", "Network Service" and all the...
View Articlegetting HTTP Error 503. The service is unavailable. for http://localhost/ccnet/
Hi, I m installed for Cruise Control .Net and configured Webdashboardafter that i am trying to opening i got an error HTTP 5000.19 error then i solve it by unlocking (<location> tag).Now i...
View ArticleHow do I prevent AspxSpy?
AspxSpy : http://code.google.com/p/aspxspy/downloads/list Server : Windows 2008 Sp : Service Pack 2 Hotfix : All installed IIS : All sites different user and different application pool
View ArticleIIS Server2008r2 limiting user access to certain Web pages.
I have created a simple Web site in which I want my Active Directory users to be able to use, with the exception of one page located in a folder called private. This one page I want password protected....
View ArticleService to service call on same IIS with windows authentication
Hi people i have some issue like this:I have two WCF services both with:<bindings><basicHttpBinding><binding name="basicHttpBinding" /><binding...
View ArticleTroubleshooting why WindowsAuthentication module is not kicking in for a...
For more than a couple of years, we have successfully used the approach outlined in this post for enabling mixed-mode authentication in our Asp.Net app:http://stackoverflow.com/a/7735008We have 2...
View ArticleNewbie - web site now gets 403 Forbidden - Access Denied
Hello All! Here is the newbie again. This is on a Windows 2008 server running IIS 7. Ok - using WoprdPress - used 2 WordPress plugins to change the URL's and database to be mywebsite.com, and...
View ArticleIIS authentication configuration with C++ code
I am trying to develop a C++ program to programmatically configure the IIS app host configuration file, but failed to add a element to the elementcollection.And I kept getting an error complaining that...
View ArticleAuthentication problems / 401.1 error after installing NDES (MSCEP...
Hello,I installed the NDES Server on a Windows Server 2008 R2 Datacenter machine. The access to the webservice works fine for the following URLS (using IE):- https://localhost/CertSrv/mscep_admin/-...
View ArticleCookie problem in IIS7 and IE: New session id with every request
Hi, I have a website running in IIS7 and it seems to be creating a new session for every request I make. The values I store in Session are lost with every request. This is the forms bit in my...
View ArticleIIS 6 on Windows 2003 server issue disabling RC4
App running on II6 on Windows server 2003 connecting to webservices app. disabling RC4 cipher causes the failure to connect to the webservice.throwing System.Net.WebException. "An unexpected error...
View ArticleIIs 7.5 SSl option
Hello Everyone, I have this application running on production on Windows server 2008 R2 standard., we were asked to make it CAC card enabled. In order to do that I checked the SSL optiojn in IIS 7.5....
View ArticleCredentials on Virtual directory having the physical path on different...
Hello, With IIS7 on Windows 2008 R2 Standard 64bits, when I tried to assign a password for the physical path credentials, I always have the following error:The specified password is invalid. Type a new...
View ArticleIntegrated Windows Authentication in Windows 8/IIS 8
I am trying to setup Integrated Windows Authentication on Windows 8/IIS 8.0. I would have expected to find it in Programs and Features -> Turn Windows Features on or off -> Internet Information...
View Article