IIS 7.5 updates to custom errors and compression

Looking at number of people reaching my first blog post while searching for information on IIS 7.5, I figured I should do few more posts on changes which are coming in IIS 7.5. In this blog post I am covering new features which have been added to compression and custom errors modules in IIS 7.5.

Changes to custom errors

1. system.webServer/httpErrors section is made delegation safe
In IIS 7.0, httpErrors section was not delegated by default which means custom errors were not available to site owners for customization. Reason why the section was not delegated is because once the section is delegated, site owners are free to return any file they can read as a custom errors response which wasn’t secure. Server administrators can delegate the section securely using custom application pool identities and file ACLs which require lot of work. In IIS 7.5, if system.webServer/httpErrors@allowAbsolutePathsWhenDelegated property is set to false custom errors module will only allow paths relative to site root folder (not absolute paths) when the section is delegated. If server administrators want to allow absolute paths in web.config files even when section is delegated, they can set allowAbsolutePathsWhenDelegated property to true. Error 500.19 (configuration error) with detailed error description “Absolute physical path <folder> is not allowed in system.webServer/httpErrors section in web.config file. Use relative path instead. ” will be generated if allowAbsolutePathsWhenDelegated is set to false and an absolute path is detected in web.config. This restriction is applied to properties path and prefixLanguageFilePath but not defaultPath. Here is how httpErrors section will look like if a site owner wants to configure localized custom errors when only relative paths are allowed.

<httpErrors>
<clear/>
<!-- Make module return %SITEROOT%\myerrorsfolder\%LANGUAGECODE%\401.htm -->
<error statusCode="401" prefixLanguageFilePath="myerrorsfolder" path="401.htm" />
<error ...
</httpErrors>

With this feature, hosters can now easily delegate custom errors section to site owners. Note that this feature will be available in Win2K8 sp2 as well.

2. Changes to default configuration
With httpErrors section now made delegation safe, the section is delegated in a fresh install. Because the behavior is controlled by system.webServer/httpErrors@allowAbsolutePathsWhenDelegated property, this attribute is locked in the default configuration. This ensures that this property cannot be overridden by site owners to enable absolute file paths. As relative path restriction is not applied to defaultPath property, system.webServer/httpErrors@defaultPath is locked as well and cannot be used in web.config files.

Changes to compression1. Changes to schema
If a file is too small, compressed version of a file can be larger than original file. Due to this minimum file size for static compression (property system.webServer/httpCompression@minFileSizeForCompression) has been changed from 256 bytes to 2700 bytes. Also default value of system.webServer/urlCompression@doDynamicCompression is changed to true which will result in dynamic compression being enabled out of the box.

2. Changes to default configuration
application/atom+xml”, “application/xaml+xml“ mime types are added to list of mime types for which static compression is enabled by default.

3. Dynamically compressed response is flushed periodically
system.webServer/httpCompression@dynamicCompressionBufferLimit property controls maximum amount of dynamically compressed response IIS will buffer before forcing a flush to client.

In addition to these changes in compression, we are looking into completely supporting compression scheme extensibility as there has been some interest in writing new compression schemes. I will update this post with details on that when I know for sure that we are doing it for IIS 7.5.

Hope this helps.
Kanwal