Showing posts with label IIS. Show all posts
Showing posts with label IIS. Show all posts
Tuesday, February 26, 2019
Removing some HTTP response headers
In the web.config of ASP.NET website project:
1. Add the following line to remove the X-AspNet-Version header.
<system.web>
<httpRuntime enableVersionHeader="false"/>
</system.web>
2. Removing X-Powered-By header.
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
3. Removing Server header which you may do it in the global.asax
void Application_BeginRequest(object sender, EventArgs e)
{
var application = sender as HttpApplication;
if (application != null && application.Context != null)
{
application.Context.Response.Headers.Remove("Server");
}
}
To change the default cookie name in ASP.Net
<sessionState cookieName="mySessID" />
Friday, December 29, 2017
HTTP to HTTPS auto redirect
To enforce all client connections to use HTTPS, you need to redirect the HTTP connection to HTTPS. This can be done easily in IIS.
1) Install URL Rewrite for IIS which can be downloaded from the following URL:
https://www.iis.net/downloads/microsoft/url-rewrite
2) Add the following settings that to the web.config file (withing WebServer section):
<rewrite>
<rules>
<rule name="HTTP to HTTPS" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
To learn more about the rewrite component,
https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
1) Install URL Rewrite for IIS which can be downloaded from the following URL:
https://www.iis.net/downloads/microsoft/url-rewrite
2) Add the following settings that to the web.config file (withing WebServer section):
<rewrite>
<rules>
<rule name="HTTP to HTTPS" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
To learn more about the rewrite component,
https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
Thursday, January 19, 2017
Setting up the delete permission in IIS
The following content was copied from this reference:
http://stackoverflow.com/questions/7334216/iis7-permissions-overview-applicationpoolidentity
ApplicationPoolIdentity is actually the best practice to use in IIS7. It is a dynamically created, unprivelaged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version:
If you application pool is named "DefaultAppPool" (just replace this text below if it is named differently)
Open Windows Explorer
Select a file or directory.
Right click the file and select "Properties"
Select the "Security" tab
Click the "Edit" and then "Add" button
Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
Enter "IIS AppPool\DefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)
Click the "Check Names" button and click "OK".
http://stackoverflow.com/questions/7334216/iis7-permissions-overview-applicationpoolidentity
ApplicationPoolIdentity is actually the best practice to use in IIS7. It is a dynamically created, unprivelaged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version:
If you application pool is named "DefaultAppPool" (just replace this text below if it is named differently)
Open Windows Explorer
Select a file or directory.
Right click the file and select "Properties"
Select the "Security" tab
Click the "Edit" and then "Add" button
Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
Enter "IIS AppPool\DefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)
Click the "Check Names" button and click "OK".
Subscribe to:
Posts (Atom)