Removing an IIS server’s IP address from HTTP responses

  Introduction The purpose of this blog post is to discuss how to mask an IIS server’s IP address from being sent as part of an HTTP response.  By default, IIS can send a server’s IP address in the Content-Location or Location response headers of a response.  Beginning in Windows 2003 SP1, you can configure…

3

IIS7 – ASP.NET on Windows Server 2008 Server Core R2

If you are a Server Core fan, and wished you could host ASP.NET websites in Server Core, then feel better, you wish had come true. Windows Server 2008 R2’s Server Core will have .NET Framework which means, ASP.NET too. This is a big news for all those wanted to deploy Server Core, but stopped because…


Time vs. Time-Taken fields in IIS logging

  Questions often arise pertaining to what the Time-Taken and Time fields are reporting in the IIS logs.    The Time field is quite straightforward: it specifies when the log entry was created.  Note that this is not always the same as when the log entry actually gets written to the log, as buffering can…

0

How to configure URLScan 3.0 to mitigate SQL Injection Attacks

The purpose of this blog post is to review the concept of SQL Injection attacks, to introduce URLScan 3.0, and to discuss how to configure URLScan 3.0 to block a SQL Injection attack that uses the Cookie header of an HTTP request as its attack vector. What is a SQL Injection Attack?There is a wealth…

0

Configuring IIS to work around webpage display issues in Internet Explorer 8.0

Special thanks to Sean Everhart for contributing this topic    Internet Explorer 8.0 introduces a new method of interpreting and displaying the HTML data sent from web servers.  In some cases, this can result in the web pages being displayed to users incorrectly.  For example the pages may display with incorrect layout, or with overlapping text…

6

IIS6 – Caching of UNC content: Reverting back to the Last-Modified Time method

As explained in the white paper on IIS and remote storage, IIS 6.0 offers two methods of file caching which need to be considered when configuring your server to host remote content.  The two methods are on-demand polling based (using the content file’s Last-Modified Timestamp), and change notification based (using the File System Change Notifications). …

8

IIS7 – Adding your UI extension to the IIS manager hierarchy

In the last post I was talking about writing a simple UI extension which would appear like below: How about you adding this to the IIS manager hierarchy – just below “Application Pools” and “FTP Sites”? Here is what you need to do additional to the steps you followed using my previous blog on this….