OCSP stapling not working
I run a website on Windows Server 2012 R2 (IIS8.5) and am busy beefing up the TLS security. Running SSL Labs tests against the machine shows that it is not using OCSP stapling. I have read in several...
View ArticleWhy IIS denied all aps.net access through windows authnication all sudden
I have a website, which is intended for logon windows user only, so I set IIS anonymous access = false, windows authenication = true.and assign all users to a group that have access to the wwwroot...
View ArticleIIS 7 php file_exists
Hi, I have authentification Windows enabled, My application pool is running under a domain account.When I launch this php script: $dir =...
View ArticleHow Redirect browser(client) based on non-negotiable SSL/TLS protocol or...
Hi guys,we have a security requirement wherein we are forcing the browsers accessing our application to have atleast tsl 1.1 , but we don't want to simply block the request, instead we would like to...
View ArticleIIS does not work after TFS installed
Hi,I have a problem about IIS for a few days, and i tried a variety of solutions from the websites. But couldn't solve the problem.After my friend installed TFS server, all the websites on IIS don't...
View ArticleIIS IP and Domain Restrictions
Hello,I am in need of limiting access to one of our applications from a specific customers site.I have done some searching around and have found a couple of posts that lightly touch on how to setup and...
View ArticleIIS 8.5 offers all client certificates
Hi!Situation: WS2012 R2 / IIS 8.5, two way SSL is required, so client must have certificate for accessing website. While trying to access website, all certificates with authentication EKU are...
View ArticleIIS Reserved Filenames - Custom Redirect page Issues
Hello,Hopefully someone will have a quick fix for this, but I'm currently at a loss to resolve this.In a recent Pen test it was identified that our custom error page(s) were not working for sites when...
View ArticleHow to secure my server port for secure connections only?
Hi - after a security scan on Windows Server Web SP2, I received this message"The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted)...
View ArticleCredentials prompt across trusted domain
We have many web applications which use Windows Authentication - this works absolutly fine for us. We have now merged our IT with another business and have trusted their domain, but users accessing...
View ArticleWindows authentication question
Hello all, I apologize, I'm very new working with IIS. We have a company directory site we are creating to be used internally that is php-based. We are in a public library, and so what we would like...
View ArticleClik here to view.
Recommendations for securing IIS7 in DMZ while managed by GPO
I am running into some different and/or conflicting information regarding the best way to setup this environment which is pictured below. Here are some details:1. Clients authenticate to the web...
View ArticleUnable to Access Outlook from IIS server
Microsoft.Office.Interop.Outlook.Application mApp = new Microsoft.Office.Interop.Outlook.Application(); Microsoft.Office.Interop.Outlook.MailItem mEmail = null; mEmail =...
View ArticleFiltering rule issue
Hi,I'm scratching my head trying to think of a way to resolve this filtering rule issue.In IIS I have some integration web services on port 443 that I want just one external "VIP" client IP address to...
View ArticleClik here to view.
iis7 windows 7 home premium missing digest auth choice
I seem to be missing the Digest authentication choice in the features section ?How can I get it to appearhow do I get it back
View ArticleIIS 7.5 do not offer certificates for SSL login
Hi!Situation:We use third party smartcards for accessing IIS websites. Two way SSL is IIS requirement. In IIS server root and intermediate certificates are imported so IIS trusts our third party client...
View ArticleLimit each site to its directory
We have a folder named HostingInside of that we have around 10 websites that are all wordpress and 1 that's ASP.NET. Each one has its own folder, own pool identity, and each folder has its pool...
View ArticleASP.NET file upload
I have web form where I need to upload a file. I have set the maximum file size size as 10mb in web.config file. Now I need to validate the file upload in the form. If I try to upload a file size...
View Articleusing App_Data\aspnetdb.mdf
I am attempting to utilize my site's App_Data folder with aspnetdb.mdf to control access to the site. The error I get then attempting to log in is the infamous: Login failed for user 'NT...
View ArticleKaspersky blocking webdav Windows Server 2008 R2
Hi All,i have problem cannot copy file via webdav, but i can create folder. services webdav running on windows server 2008 r2, this server running AV Kaspersky Endpoint Security 10. I already set...
View Article