Pass-through authentication failing
The environment: Server A: Windows Server 2008 R2 / IIS 7; Server B: Windows Server 2003 R2; Domain Controller: Windows Server 2003 R2. Both server A and B are part of the same domain. The issue: We have...
How to isolate sites by sites?
Hello everyone, I am new here, and I have a security question about iis7.5 in win2008r2. I have about 20 sites, all of them worked with win2k3, iis6. Some sites have bad coding and had upload webshell by...
How to block list of domains like .domain.com, .domain.co.uk under IIS7.5
I want to block all requests from a list of domains (let's say around 4000 domains) from accessing my ASP.NET website hosted on an IIS 7.5 web server. I have already tried the IP Address and Domain Restrictions feature...
directory listing denied
I get the directory listing denied error while browsing a website internally, but it works fine externally. Please help, it has taken me 2 days now. Looking forward to hearing from you guys.
IIS ARR on DMZ for OWA in Domain
I have to have a reverse proxy between the internet and my internal domain Exchange 2010 OWA. I am hoping to use IIS ARR on Windows 2008R2. My plan is to place the ARR machine on the DMZ and have it...
Can I deny webshell visit c: by deny IUSR privilege?
Hello, I am working in 2008r2 now. For security reasons, I separated every site by using different pools, and every pool runs under ApplicationPoolIdentity. If I don't want hackers using a webshell...
403 forbidden on IE directory listing denied on other browsers
I have my domain maxim.com and want to host a website with the name www.soulshifter.com. The problem arises when I want to access the website internally, but it works fine externally. Please help.
IIS 7.0 Splash/Welcome Screen Problem
I am trying to create a web application inside Default Web Site. After I create it, I map the physical drive to D:\XYZ where there is a simple HTML page. When I browse this site from IE 9 or from IIS...
IIS 7.5 How to prevent HTTP Slow POST DoS Attack
Hi, I've an ASP.NET MVC 5 application deployed on IIS 7.5. As per my security admin, my site is vulnerable to Slow HTTP POST DoS attack. 1. My understanding is that Slow HTTP POST attack is what keeps the...
Authenticate to a webservice (with redirecting)
We have a BizTalk on server A, which is hosting a "BizTalk Web Service" on the locally installed IIS (7.0). On server B (in the DMZ) we have an IIS (7.0) that is externally reachable. On server B we...
How can I access an ssl client certificate using PHP?
From what I've seen, I can access the subject from the environment variable "CERT_SUBJECT". How, though, can I access the entire certificate? Or at least the public key? Basically I'm looking for the...
Can I Log 401 Errors to a Database for Audit?
I wrote a Windows Authenticated ASP.NET MVC 5.0 running on IIS7 using role based security on the controllers. When not authorized the user is presented with the login window. My boss wants all of...
IUSR access to folders without permissions
I used the Web Platform Installer to set up WordPress/PHP/MySQL on my 2008R2 box and then deployed a simple corporate info web site using WordPress. The web site seems to be working fine but I always...
How to disable SSL v3 in IIS 8.5?
We need our new web server (IIS 8.5 on Windows Server 2012 R2) to be PCI-compliant and the web server scanning tools are finding the out-of-the-box configuration of IIS 8.5 as having SSL v3 being...
HttpContext.Current.User.Identity.Name is Incorrect
Hi, my issue details are as below: 1) We had created an account (login) on the server which is a duplicate login in our DB to authenticate. 2) Rename the server login by appending a number. In the IIS log we are able to see the...
red address bar
With greetings to friends. I've set up and assembled internal network settings on the IIS server, when I enable the HTTPS protocol and digital signature from my IIS, and red in the browser address bar....
Removing http response headers
Hi. Yes, it's yet another response-header thread. I've been looking at removing all the normal HTTP response headers, and so far I haven't found that one great way of doing it. You all know them. asp.net...
IIS security benchmarks configuration guide
CIS security benchmarks are the de facto standard for security settings. Most of the penetration and security testing tools use these guides to generate security reports. They are extensive and you...
Is it possible to sync config with hashed password with msdeploy?
Hi, when syncing two IIS servers, sync works fine, except a few app pools, because they have Windows user identity. In the second server the user name is displayed correctly, but then I tested connection I got...
IIS7.5 .NET Authorization Rule Allow All Users Inherited
I need to remove the inherited allow All Users rule from a website. I have removed it from the top of the IIS Manager tree: Start Page->Server(domain\administrator), but it still exists in all v4.0...