IIS10 on Server2016 & Forcing Cookies to us SSL
Hi,I have a need to force a site to transmit cookies over SSL only. I tried editing the web.config file for the site by adding<httpCookies requireSSL="true" />as I had read in some posts....
View ArticlePasswords and usernames for sub-pages?
Hello all, Can IIS have passwords and user names for sub-pages? I only have general password for the top level now, but would like to have separate distinct passwords for each link for the...
View ArticleWebDAV with Windows and Digest Authentication
Hello to everyone!I'm newbie to IIS and I want to ask the following question:I have an Azure Windows 2012R2 server with IIS 8.5 (WebDAV) only through HTTPS to share files to my windows users wherever...
View ArticleInternal Address Leak IIS8.5
We have a customer that is being audited by a security company for the purpose of using a web based credit card payments system. The company has failed the customer on a number of issues most of which...
View ArticleFTP Request Filtering not being recognised
Hi EveryoneI am using a VPS server installation of MS Server 2016 on Windows 10 which I connect to via RDP.Could anyone please tell me why I cannot transfer files any files larger than 30mb to any...
View Articlecertificate type for SNI on multiple web sites
Hello,I am working on setting up IIS to use SSL. I am using IIS 8.5 and I understand that SNI will work for this. I understand the procedure for using SNI. My question is concerning the certificate.We...
View ArticleSSL certificate questions
Sorry, but I have almost no experience with SSL certificates and how to implement them.I have an IIS 8.5 server running on our intranet. We'll call it MYIISSERVER.Under MYIISSERVER, I have several...
View ArticleWebDAV authentication fails - 401
I have tried to enable Web Dav on my IIS7 but the authentication fails. This is my log:2010-05-03 12:12:43 212.55.220.220 OPTIONS / - 80 - 80.219.85.97 Microsoft-WebDAV-MiniRedir/6.0.6002 200 0 64 578...
View ArticleRemoving the 'Server' response header with custom error pages
Hi,I was reading through this thread while looking at how to remove the 'Server' HTTP response header on 404 pages:...
View ArticleEDMS Problem with IIS - Unknown error (0x80041455)
Hi,We have C# code deployed on IIS 7.5 in Windows 2008 R2. The code add/remove/search users in active directory using edms. The ARS has been upgraded to 7.0 from 6.0 so we upgraded the .net version to...
View ArticleUser account seems to be locked
Hello together,I want to access my ftp server with one account from several pc's at the same time, is this possible? It seems that the account is locked if the server if accessed simulteanously. Do I...
View ArticleSyntax for Content-Security-Policy in Web.config
Hi,On Windows 2012, I am trying to trying to set Content-Security-Policy, set in web.config, to allow all entries from *.corp.location.com.After checking online, I set it up as below, but it failed.Can...
View ArticleFTPS Windows Server 2016 Security
How secure is publishing a FTPS site on Server 2016?If I open the port on my hardware firewall to allow ftps to the server will it be enough to protect it?Thanks
View ArticleWindows Authentication Issue in IIS 8.5
I have an intranet web site using Windows Authentication. I have disabled Anonymous Authentication and enabled ASP.NET Impersonation and Windows Authentication, using NTLM.In my application I have an...
View ArticleCreating sites to use different security protocols (SSL3-TLS1.2)
For demo purposes I want to create 4 separate websites on the same server that each use a different security protocol. For example:-Site 1 can only do SSL3.-Site 2 can only do SSL3 & TLS 1.0.-Site...
View ArticleAuthentication mode enabled on IIS is getting disabled automatically and...
The website currently has both anonymous and widows authentication enabled. Randomly, it gets disabled and we have to manually enabled it back again. What could cause the IIS to disable the enabled...
View ArticleChanging from http to https - Chrome works, Internet Explorer: HTTP 400 Bad...
Hi,first - I I've read through all articles popular search engines find to this topic.For your information: The system affected is Dynamics 365We have the following situation:After switching the CRM...
View ArticleUsing IIS as SSL proxy for a hosted webapp on the same server
Hello all, I've put this here, since i can't seem to find an IIS-specific forum in the drop-down (still new here, might have overlooked it) Apologies to the moderators if i caused you guys more work....
View ArticleDynamic IP Restriction message for user
I have installed/enabled/set up Dynamic IP restrictions, including limiting the number of concurrent connections for a given IP address. I have looked all over the place and cannot figure how I can...
View ArticleWhere to see Dynamically Banned IP`s and how to enable Advanced Logging.
HiI just enabled Dynamic IP Restriction Feature. Firstly, How can I see what IP`s are blocked ? Although, I enabled "Logging Only Mode" , So where does the log file go ? In addition, I wanted to enable...
View Article