Tag: IIS
-
Stopping Bots and Website Scrapers from scanning your sites on IIS with URL Rewrite…
Bots and Website Scrapers can be a serious annoyance to anyone who is responsible for administering a website, and the more sites and servers you are responsible for, the more of a problem it can become. Every request a bot or scraper makes requires some amount of resources on the web server hosting the site, the…
-
Modifying HTTP Response Headers in IIS 8 with URL Rewrite
If you have ever scanned your own site or a site you are responsible for you may have noticed that web servers sometimes tend to give out more information about themselves than is really needed. This information can also be used by an attacker to then target the specific versions of software the server is…
-
IIS 8 with ECC certificates – increasing your SSL Security on Windows Server 2012
What is an ECC Certificate and why would you need one? The main difference with an Elliptic Curve Cryptography (ECC) certificate is with how the certificate is signed, in this case the Elliptic Curve Digital Signature Algorithm (ECDSA) is used vs the standard RSA we are used to seeing. Once you have a certificate signed…
-
Hardening SSL & TLS connections on Windows Server 2008 R2 & 2012 R2
Hardening your SSL/TLS connections is a pretty common thing to do on any Windows Server running IIS and web applications that utilize HTTPS, especially if they require some sort of compliance. It is generally a good idea to do this on all of your servers though, to ensure your secure connections really are secure. On…
-
Fix the obsolete cryptography warning in Chrome on IIS 7 & 8
Update – 2.2.2016 – The ciphers originally listed in this post no longer work to fix the obsolete cryptography warning as Google has upped the requirement from DHE with AES_128_GCM to ECDHE with AES_128_GCM or CHACHA20_POLY1305. The only ciphers we have on Windows that are close to this requirement are all ECDHE-ECDSA which will require…
-
Testing SMTP with Telnet and PowerShell (Cheat Sheet)
This is my cheat sheet for sending E-Mail through a SMTP Server. This is particularly useful when configuring and testing a new SMTP server. PowerShell: Send-MailMessage -SMTPServer hostname -To youremail@domain.com -From none@none.com -Subject “This is a test email” -Body “This is the body of the test email sent via PS.” Telnet: C:\>telnet hostname 25 220…
-
Home Server Stack v2
It has been a year or so since I have done an update on my home server stack, there have been a considerable amount of changes and of course a lot of lessons learned. I recently changed jobs and had to move my stack over 1500 miles away, which ended up in a complete rethink…
-
Using PowerShell to filter and sort IIS Binding info…
In this post I want to talk about a few PowerShell commands for grabbing info about IIS bindings that utilize the WebAdministration module. When a server is running a lot of sites, sorting through the bindings can be a daunting task, especially if you are looking for specific information like, say, what IPs are bound…
-
IIS 7/7.5 – Configuring PHP via FastCGI on Windows Server 2008 R2
PHP is a fantastic dynamic programming language which runs great on IIS, but can be a bit slow at times. Traditionally PHP runs on IIS either as an ISAPI extension or as a Common Gateway Interface (CGI) program; running PHP via FastCGI can be a great way to improve performance depending on your application. In…
-
IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2
One of the first steps you should take when deploying a new public-facing web server is hardening your server’s SSL/TLS connections. Disabling vulnerable protocols, ciphers, hashes and key exchange algorithms can help mitigate the now more common exploits like the BEAST attack. By default many weaker technologies are enabled, leaving IIS traffic vulnerable and…