Deny IP by concurrent connection8
Can anyone tell me how long an IP address is blocked when we use the Deny IP by concurrent connection? If we set it to 10 and then an IP makes 10 concurrent connection requests it's blocked, but for...
View ArticleIIS Logging 0.0.64 error code when using client certificate authentication...
Hi Main technologies used:Windows Server 2012 IIS 8.5 Internet Explorer 11 - tried other browsers such as chrome but this is our target. SHA1 RSA certs with Client and Server authentication usage...
View ArticleApplication pool is crashing when it's set to ApplicationPoolIdentity
I am trying to do it but it crashes every time I am running the app. setting to NetworkService works fine. I have added IIS APPPOOL\DefaultAppPool to the application root folder. Still the same. My OS...
View ArticleIIS 7.5 compatibility with SHA-2 certificates
Hello team,For security reasons, we are migrating all IIS certificates from SHA-1 to SHA-2.We have .pfx certificate files.Is IIS 7.5 compatible with SHA-2 certificates? Are there any special...
View ArticleDeny access to all users and allow only to admin groups
Hi,I am not familiar with the security concept of IIS.We use IIS 7.5 (Windows Server 2008 R2).We have two Web sites on the Server: 1) Default Web Site 2) a special application Web site.We use Basic...
View ArticleHow to get SAML token from Application Pool Identity (for the configured user)?
Is there any way to get SAML token for the Application Pool Identity User (configured user)?when we configure application pool dentity stores config entries (user name & password) in...
View Articleiis 7.5 log file with thousands of POST entries
My site has been hit with POST requests every second since the 13th of September. I have found a folder with a couple of files that was dumped on my server through an old upload editor. The two files...
View ArticleConfigure CRL Download
There are very few documents to show how to refresh CRL from CA in IIS7+. The one I got is https://blogs.msdn.microsoft.com/saurabh_singh/2010/12/01/crl-checking-by-iis/. However this is old and there...
View ArticleIIS SMTP SERVICE - SEND SPAM but don't found source
Hi all, i have iis 7.5 and 100 webs application asp.net and asp. All webs application use smtp service but for some days my smtp service send spam from all webs randomly. I tried set log iis-smtp...
View Articleopenssl with client authentication - "no client certificate CA names sent"
Hi.I'm trying to write a webservice to receive some XML from Elemica, a popular procurement web portal. When they try to connect via openssl using a command like this:openssl s_client -prexit...
View ArticleIIS with Sharepoint search to crawl
Could one IIS 8.5 site accept client certificates? and could it be setup using the web.config file instead of the applicationhhost.config file?then install a client cert on the SharePoint crawler ,...
View ArticleUnabel to install SSL Certificate
Hi All,Recently I have install SharePoint with two web applications. Then purchased 2 separate SSL Certificate to make this secure, when I bind the the site with the ssl it shows "at least one other...
View ArticleSAML 2.0 SSO (Single Signon) - Setup IIS as Service Provider
I am looking to setup IIS to use it as Service provider for SAML 2.0.Our client already has SAML IDP setup done. We as a Web Application provider need to support SSO with SAML 2.0 with our application...
View ArticleExecute the PowerShell script in PHP
HiI got this error in this php code:code:$query = shell_exec("powershell -executionpolicy unrestricted -command $psScriptPath -ip '$ip'< NUL");error:The requested operation requires elevation (Run...
View ArticleIISWindowsAuth and NTFS
Hellosite with IISWindowsAuth enabled and NTFS permission right now giving only a few users rights to access site.the pool name is also listed under NTFS, authorization Rules is set to all users -...
View Articleauthentication with webconfig
Hi,I'm trying to configure authentication with config file.The article https://www.iis.net/configreference/system.webserver/security/authentication shows that we could configure it atthe server level...
View ArticleUnderstanding authentication using client certificates
(IIS 8.5, win 2012 r2)I have a website already configured with https, using a regular purchased SSL certificate. It works fine.What I want to do is to limit access to this website (or sub-application)...
View Articlehidden segments blocking access from the server
Hello. I am trying to setup hidden segments to prevent access to a folder from the internet. I have set it up and it works, I cannot access the folder from the internet. I get a 404 error.However I...
View ArticleIIS on W7: restrict access to local user and helpdesk (Powershell)
Hi, I'd like to run a health check report on a W7 computer on a daily basis and therefore run an IIS to show it.However, I’d need to restrict access to local user and helpdesk-group. How can I do this...
View ArticleHow to Read Test Connection message Authentication and Authorization messages...
Usually we can read Authentication and Authorization messages from 'Test Connection' of a web applications->Basic SettingsWe would like to read the the messages in to powershell.(particulary if...
View Article