Trying to access directory named "/data": 403 - Forbidden: Access is denied
I have a local site on my Windows 7 PC. Trying to access all directories named "/data" fails with403 - Forbidden: Access is denied.e.g:http://localhost:2020/scripts/Data/failsAll other directories can...
View ArticleIIS 7.5: Uknown files and Exe files injection
Our webserver seemed to be comprised and we noticed alot of junk files (coachoutlet.html / EXE files..scripts.) being loaded on web server files. We have a firewall and anti virus and some how it still...
View ArticleIIS 7.5 - FTP IP Restrictions Not Stopping Authentication
When configuring "FTP IPv4 Address and Domain Restrictions", I can set the "Access for unspecified clients" to "Deny" under the "Edit Feature Settings" option. Even with this option configured,...
View ArticleGetting ModSecurity IIS 2.7.2 to work on IIS 7.5/8.0
According to http://forums.iis.net/t/1192523.aspx ModSecurity isn't supported here, but that post is from before the release. So some insights and support would be nice.I'm unable to get...
View ArticlePHP Scheduled Task - run as Application Pool Identity?
Hello,We are running a PHP-based website under the standard App Pool configuration. We have granted +w permissions to the 'IUSR' security principle on certain files that need +w access, which works...
View ArticleAllow non-administrators to manage IIS
I'm building new 2012 servers for our development team, and I would like to be able to give the devs access to create and modify sites in IIS without them being administrators on the server. In the...
View ArticleIs there any way to configure IIS web app (in DMZ) to access SQL Server (in...
Hi!I have IIS web app which is located on the server which is not member of AD domain, and I have SQL Server which is installed on the server which is a part of AD domain member.Now I need to configure...
View ArticleMultiple SSL Certificates IP:Port combination question
Good afternoonCan any please validate or make recommendations on the following:Setup1 Web Server IIS 7.5 on DMZ with two IP addresses say ( Internal IP's: 192.168.0.5 & 192.168.0.6)2 SitesSite A -...
View ArticleIIS 8.0 Webdav: >15 seconds wait time before logon screen appears
I use my own cloud with webdav to connect through a browser. It takes more then 15 seconds before the logon screen will appear. This is very annoying.HTML: ID="myElement"...
View ArticleAuthenticate to IIS site configured for Windows Authentication using smart...
I am trying to get users to authenticate to an IIS site by providing a certificate to access the site. I have configured the IIS server for Windows Authentication and is a requirement since I need to...
View ArticleIUSR Rights for folder.
Hi all,I have created a website using Webset up project which work fine. But i have some basic permission issue which is i have a TEMP folder in Physical path mapped to one of my Virtual directory....
View ArticleIIS 7.5 + CGI + SSL - Problems with upload limit? (30MB cap)
I'm hitting a really annoying problem with IIS 7. I've setup my web.config by the books as follows:<?xml version="1.0"...
View ArticleClik here to view.
Dyanmic IP Restriction
Installed IIS 8 on Windows Server 2012 with ASP.NET Support.Hosting a Site.Tweak Security of Server by using Dynamic IP Restriction Setting.After that Tried to DDOS the Server from another computer in...
View ArticleSystem.UnauthorizedAccessException - how to solve this problem ?
Hi to everyone.I have problem with copying file from App_Data directory in my ASP.NET Application, IIS server run this application with NT ACCOUNT/NETWORK SERVICE identity, in this folder i flag...
View ArticleForms Auth Using AD
Hi -I am a systems administrator who is not at all a developer, but I need to implement Forms Authentication on a Windows 2008 R2 server running a third party web application. So far I haven't been...
View ArticleWhat is the proper way to authenticate a windows user in asp.net?
I have a IIS server running on a Windows 7 machine. I have an ASP.NET site set up on the machine with the authentication set to Windows. I have my Authorization node setup as...
View ArticleISAPI filter to block requests for URLs with MS-DOS device names
Hi all.I have a web application that was under audit and the result said I have to create a ISAPI filter to block requests for URLs with MS-DOS device names to avoid an attack by DoS.The message is:...
View ArticleClik here to view.
Secure Access to Web Site with appcmd.exe
Hello all,we have a web server that hosts lots of web applications that I create with a batch file script using appcmd.exe. the idea here is that each team has their own web app and they must not be...
View ArticleRemoving HTTPS binding affects other sites?
My scenario:<div mce_keep="true">Multiple HTTP sites (example1.com, example2.com, etc.) on same IP</div><div mce_keep="true">Wildcard *.example.com cert that is used for WebDAV...
View ArticleHTTP Error 403.16 - Forbidden on IIS 8.0
I configured IIS to require SSL and Client Certificates. In the browser, I am prompted to select a valid client certificate. When I do, I get the 403.16 with: Most likely causes: •The client...
View Article