Clik here to view.
How to remove excess intermediate certificates?
Due to SHA1 deprecation, we have ordered SHA256 replacement certificates for Exchange 2010 OWA and SharePoint. We successfully installed the certificates and when we look at the certificate through...
View ArticleIIS 8 IP Address and Domain Restrictions returns 400 Bad Request when...
We have been using the Dynamic IP Restrictions in IIS 7 (http://forums.iis.net/p/1188448/2018296.aspx/1?Dynamic+IP+Restrictions+for+IIS+7+final+release+is+now+available) using the proxy mode with...
View ArticleClik here to view.
Error connecting to 'Remote Web Site'
I do not know what happened, but now I can not connect to 'Remote Web Site' There is no such path in the registryIs there anyone who can help me?
View ArticleGetComputerSite().Name fails to return name when using ApplicationPoolIdentity
The Problem:An AD Site aware web application must obtain information from an AD controller within the same AD site as the the web application. We have this working in a development environment using...
View ArticleRestrict any redirects to the local app domain.
Is it possible, at a high level, to limit any redirects that an ASP.NET (3.5) app may do to only be to the same app's domain? In other words, is someone was to fiddle something in the front end, which...
View ArticleRequest Filtering Rule for .wsdl
I am trying to use the request filtering rules to prevent SQL injection against my SOAP API.I am trying to apply the blocking terms to the .wsdl and it is not catching the terms in the XML payload.Will...
View ArticleHTTP POST fails after SSL 3.0 is disabled by GoDaddy even though TLS 1.0 is...
Hi all, I'm having a problem with an HTTP POST and I discovered that GoDaddy disabled SSL 3.0 after the POODLE exploit came to light. This was working in production, and now only works in Visual...
View ArticleHow do I prevent AspxSpy?
AspxSpy : http://code.google.com/p/aspxspy/downloads/list Server : Windows 2008 Sp : Service Pack 2 Hotfix : All installed IIS : All sites different user and different application pool
View ArticleIIS 8.5 Cannot set App Pool Identity
I have a virgin install of IIS 8.5 and I'm trying to recreate our IIS 7 configurations.I created an app pool and need to set the identity to a domain account. The domain account is a member of the...
View ArticleClik here to view.
Tsunami SYN Flood attack
I'm trying to protect a web site being attacked by SYN Flood. I suspect the new Tsunami SYN Flood attack. The site is on a Windows 2012 R2 VM running IIS 8.5. The site is an older .NET 2 site using SQL...
View ArticleRenewing SSL certificate using original CSR
HelloWe use IIS as a reverse proxy for an internal EDI (AS2) server. I therefore have an SSL certificate installed, issued by godaddy, and all our AS2 partners have the public key.I need to renew the...
View Articlefix for "an adversary can fingerprint the web server from the http responses"
Hi,I am getting the message,"an adversary can fingerprint the web server from the http responses" after an audit. Kindly provide what fix can be done in IIS for resolving this.IIS version-6 ThanksAnu
View ArticleIIS ./temp/appPools/* folder ACL concerns
Hello, i'm concerned about the security of the ./temp/appPools/* folders, I have set the folder to be full read/write by System and Local Administrators, plus full privileges to Owner Creator to make...
View ArticleIIS8.5 returning Default Website with generic 403 error when working remote
Setup:IIS 8.5, Windows 8.1 Feature installed locallyMS Visual Studio 2013 update 3 MCV 5.2 SQL server locally installed When working on my projects on the corporate Domain via WiFi or LAN everything...
View Articleset all cookie become httpOnlyCookies="true" requireSSL="true"
How do I enable the httpOnlyCookies and requireSSL for all the cookie in IIS 7.5 ?I have tried adding<httpCookies httpOnlyCookies="true" requireSSL="true" />within the...
View ArticleWindows Authentication/Forms Based Authentication
Hi all,I've been handed an issue that has multiple components/technologies to it but I think the issue has come down to authentication on a website that is being set up. I'm pretty green with IIS and...
View ArticleIIS 8.5 and User Rights Assignments - Change in process?
Hello,When installing IIS, several changes are made to the local security policy. These were documented in KB981949 for IIS versions 7, 7.5, and 8. However, in version 8.5, we're starting to see some...
View ArticleBlocking IP via CIDR
Previously I used the j drop command in my Linux based router to keep out China/Russia hackers and script kiddies. I've recently moved to a dedicated server in a data center and I no longer have...
View ArticleClik here to view.
isolation IIS Manager Users
hinot working then i choose User name directory for IIS Manager Usersmy settings: WORKING GOODNOT WORKINGWhy not working?
View ArticleAD authentication over internet not working
Hi,I have the following scenario:* IIS configured to use AD authentication.* Accessing the website locally it allows login using AD user* Acessing the website from Internet it denies login using AD...
View Article