Client Certificates with ARR
Is it possible to enable client certificate authentication in an ARR load balanced web farm for specific apps under a single domain? Apps are configured on the backend web servers but not on the ARR...
View ArticleFTPS filezilla 3.24 "Key usage violation in certificate has been detected."
Hi,I'm using FTPS to protect access to IIS FTP services, with self signed certificates. Starting from version 3.24, filezilla reports that "Key usage violation in certificate has been detected."...
View ArticleProblem with logging behind a reverse proxy (Mod_Security)
Hello,I have succesfuly installed mod_Security on our IIS 8.5 servers.The only problem is that our websites are behind reverse proxy.When a rule is triggered on mod_Security module, the module logs the...
View ArticleUrlScan and IIS Request Filtering for maxUrl
I'm implementing a reverse proxy on IIS with URL Rewrite and ARR. at very high level, the flow is shown below.Browser----->(DMZ load balancer) ---> IIS 7.0 (ARR, URL Rewrite2.0,...
View ArticleIIS - Authentication - Windows Authentication, put AD Domain name in prompt?
We have some users that will be connecting through a VPN Tunnel to our network to an internally hosted web app that uses Windows Authentication through IIS. These users won't be on a domain PC, so they...
View ArticleCan't disable double escape protection with IIS 8.5
Our application needs to use URLs similar to http://localhost/requesthandler/api/v2/data/C0%252F37332%257CCollectionc as part of its REST API. We've been developing for 9+ months with Apache on our...
View ArticleAPPCMD console command line for setting sslflag=2
Hello Everyone,I am using APPCMD commands for configuring my site on IIS. My site is configured successfully, but in IIS8 there is a checkbox while doing https bindings which you need to check for...
View ArticleSecurity Question
Hello Community,i have an IIS7.5 running here and need to restrict traffic to all domains for germany. How can I achieve that? As simple as possible please. Thx.Greets
View ArticleHow would you make Internet Explorer use a different "Credential Provider"
I currently have a workstation that has a dummy login with an SSO over that. User badge in and out to get access to the desktop while the dummy account is the local interactive account. I have tried to...
View ArticleClik here to view.
PCI failure
HiWindows Server 2012 Standard with Essentials role.PCI Scan is giving below failure;Port 443 Protocol TCP Service www SSL Medium Strength Cipher Suites Supported Here is the list of medium strength...
View ArticleWhy am I getting a 403?
I've published a ClickOnce application.The application downloads and installs properly from MyApplication/MyApplication.application.However, if they access MyApplication/setup.exe to automatically...
View ArticleMaxUrl in Request Filtering vs. UrlScan
IIS has UrlScan tool and inbuilt Request Filtering module(IIS 7 and above). The default configuration came with product are as below.Default values for [RequestLimits] section in Urlscan.ini :...
View ArticleMicrosoft IIS Internal IP Disclosure Vulnerability
hiafter external scan , i receive this error :Microsoft IIS Internal IP Disclosure Vulnerabilityand i don't what that mean but i suppose to fix , can you tell me how ?
View Articlesimple login screen (Non-AD) and than display excel htm file
Hi IIS folks,I created an excel file to be displayed on an IIS server on my WAN switch - not connected to my LAN and ADI wish to have a simple login screen (local users - non AD) and only upon...
View ArticleWeb Deploy - Unable to connect from IIS Manager - 401.2 error
I am the IIS 7.5 server administrator. My clients are members of a Windows Active Directory Deployment group, which has been granted IIS Manager Permission at the Site level, on Test, Acceptance, and...
View Articleiis 8 ssl breaks after sysprep
Hi Everyone, I did a sysprep to my windows2012 machine & looks like post that "https" has been broken. My application in IIS8 is not working by using https. Any pointers of preserving the SSL certs...
View ArticleResolving HTTP Error 401.3 - Unauthorized Error
I deleted the default web site in IIS 6.0 then recreated it. Then I added an application by selecting Add Application, gave it an Alias, selected an Application pool, and provided a Physical path.In...
View ArticleIs Double Escaping security risk?
Hi,how big security risk is to allow Double Escaping?Thanks, Vlasto
View ArticleIIS 7 Permissions
We are looking to provide access through AD for our development teams. We'd like them to have READ Only access to the IIS Manager but not be able to make changes. Is there such a setting? I'm...
View ArticleHardware security structure
Dear all,We have implemented a website (ASP.NET 4.5) that reads only from an database (MS SQL 2012) except from two log tables that it writes to (We have a SQL user for that). The customer that the...
View Article