Hardening IIS against attacks
Hi, Our organization hosts a public facing website on IIS 7. This weekend a very simple DOS attack caused the application pool to crash. 2014-04-05 19:15:39 dst_address POST / - 80 - src_address - - - 500...
Access to the path is denied
Hi, We have recently started to use a new group of Windows 2008 R2 SP1 IIS servers for production. We are using a dedicated AppPool for one of our test apps to troubleshoot a problem. The problem is...
Parsing IIS logs for dynamic IP restrictions hits?
Hi, I have begun using Dynamic IP restrictions in a limited fashion in order to test the functionality of the module. I would like to be notified anytime that the dynamic IP restrictions module blocks an...
Is it possible to disable web.config files completely for a site?
Hi, Can anybody tell me please, is there an analogue to Apache's "AllowOverride None" directive in regards of the web.config files? In other words, can I make IIS ignore all web.config files in...
authentication for perl(awstats)
Hi, I am using awstats for my IIS7.5. I try to use forms authentication, but it only works on the directory only ( http://XXXX.com/awstats/wwwroot/cgi-bin/ ). However, I can go to...
Securing system and other files from IIS users.
I have configured IIS8 to use separate ACL accounts for each website/applicationpool, moving the websites to their own folders in a different location ("c:\websites\siteA", "c:\websites\siteB" etc.) I...
Limiting read access to virtual directory under full-trust
In MVC 5, support for medium trust is gone. Refer: http://stackoverflow.com/questions/21075735/microsoft-mvc-template-full-trust-microsoft-owin-alternatives Medium trust, limited application's read...
IIS7 FTP - where to check user info about deleted file
Hello, IIS FTP with AD Isolation Mode, someone has deleted an imp file and I am trying to find who? Win event viewer was no help. Ideally Everyone should not have delete access, I came across a user...
does iis 7.5 use OpenSSL (concern: heart attack virus, a.k.a. heart bleed virus)
http://www.economist.com/blogs/babbage/2014/04/computer-security "a software flaw that has left up to two-thirds of the world's websites vulnerable to attack by...
Require Client Certificate not working
Hi guys, We have a server in our DMZ I'd like to use client certificates on. The client certificate will be downloaded from our server NOT in the DMZ. Here's what I've got configured so far: Generated...
Authentication fail - restricted pc user
Hi, Recently we configured an intranet (virtual) server (Windows 2012 - IIS 8) for internal and external use. Authentication runs against AD. Some of our users are only allowed to work on certain pc's....
IIS writing username to a text file
Hi, I am trying to get IIS to write out the current username of the logged on user to a text file. Users can access this webpage from any PC on the internal network. I have another script that takes...
ApplicationPoolIdentity and Security issues
Hello, I have a problem with setting up permissions for my web site folder by using DefaultAppPool. But I keep getting error messages: First Picture, Second Picture but if I try to cancel it I...
SSL Certificate keeps changing on IIS7, I don't have any idea what keeps...
The problem is the SSL certificate just keeps on changing. If we restart our modem the certificate would show just fine for a couple of minutes then it would start giving out a wrong SSL certificate...
Authentication issue with ARR proxy for Exchange Active Sync
Hi, Active sync is working fine in my SBS2003 Environment. Now I have added a Windows Server 2012 Essentials in order to host some more web applications. I would like the Server 2012 to be a front end...
FTPAuthentication using impersonation user
Hi, I am using a custom FTPAuthentication assembly. The validation is done with an LDAP query against a domain controller and works fine. But I noticed with Process Monitor that the FTP connection is...
Setting up untrusted FTP account under IIS 7.5 / Server 2008 R2
Hi, I'm trying to set up an FTP account for an untrusted third party using IIS 7.5. For security reasons, I created a new website and ftp under IIS (i.e. running under "thirdparty.example.com" instead...
Server unable to send a response to the URLs with sql commands "pg_sleep(1)"...
In our security testing we are injecting sql commands "pg_sleep(1)" & "case when cast" to the web URLs, the expected behaviour is to redirect the users to the home page, but unfortunately it is...
Is it really bad for enabling full trust for shared hosting
More and more .NET web applications require full trust, for example nopCommerce, Umbraco, mojoPortal, etc, but some hosting providers still refuse to enable full trust for shared hosting. Is it really...
missing Windows Authentication
I tried to install IIS on my computer. It uses Windows 7 Home Premium 64bit, but the Windows Authentication selection is not under the security tab. Here is the screenshot