What is Reddit's opinion of
Microsoft IIS?
From 3.5 billion Reddit comments
46 reviews of this app found across Reddit:
Also use IIS' backup tool. It takes backups of each server change prior to changing it. Bindings are captured in that.
- You can either install it via the IIS Web Platform Installer or downloading v2.1 directly
- This is only relevant if Exchange 2016 is running on Windows Server 2012 R2 (it's built in to WinSvr2016), and even then this should be automatically installed through Windows Update but if not you can just download it
- AMSI was introduced in CU21, you'd need to check with CrowdStrike whether it supports AMSI
- There are no schema changes between CU21 and CU22
- I believe that this applies to newly generated certificates, so if you specifically want to regenerate anything using SHA1 you'd need to do so manually
Actually I just ran into a similiar problem when setting up RDS. What I ended up doing is pointing port 443 to the RDS Gateway server, added dummy sites that bind to the app's hostname/external FQDN and used the URL rewrite module in reverse proxy mode to forward the request to the app's server
the URL rewrite module is available here and the setup is pretty straight forward, feel free to PM me if you need any assistance
.htaccess files are for apache, it looks like your site is hosting aspx files which would indicate an iis server.
So on an IIS server that web.config file is used for many of the same things a .htaccess file on apache is used for, it appears you can do a redirect in there:
https://www.stokia.com/support/misc/web-config-response-redirect.aspx
halfway down the page it gets into the non gui based web.config method:
https://www.iis.net/configreference/system.webserver/httpredirect
You can download the Microsoft URL rewrite plug in for IIS from https://www.iis.net/downloads/url-rewrite and configure it so that it redirects http requests. This will keep your R3 cert validation working and all requests redirected to the RDWeb site.
You can do this with the IIS URL Rewrite module. I think specifically you want to use a rewrite map and the final URL will be the SharePoint Online URL. You can probably use any other proxy type software like Nginx
correct answer, since you're already using iis, add the features: https://www.iis.net/downloads/microsoft/url-rewrite https://www.iis.net/downloads/microsoft/application-request-routing create a arr-serverfarm and rewrite the url pointing to it
I have not discovered anything free and easy for mobile OSes that also provides similar security levels as Windows on a domain network.
FTP and similar services provide username/password authentication and very basic file syncing capabilities. If only one person is using a folder offline that is one thing, but several people with some kind of file sync to the same folder? That’s actually pretty complicated. It will cause you a lot of headaches if you implement a simple solution that wasn’t designed to handle two people modifying the same file offline or similar time/date conundrums.
Also, nowadays you are assuming more risk if you hook up an Internet solution that doesn’t have multi-factor authentication.
Most people are solving these issues with Microsoft Sharepoint Online, Dropbox, etc.
Acronis has a self-hosted solution that does all of the kinds of things you would want. It costs $$.
https://www.acronis.com/en-us/mobility/files-advanced/
If you still want to move ahead with something free after I say all this stuff...look at Microsoft’s FTP.
It is available starting with IIS 7.0 as a separate download - I believe that is Server 2008. In Server 2008 R2 and newer it is an installable role/feature.
IIS is a Microsoft web server tool. https://www.iis.net
There should be plenty of guides out there on how to set it up. Don’t worry if they say to have certain windows server versions installed, windows 10 will be fine.
First you need to identify if you are every getting to the IIS box. If you're not, then you're obviously never going to get anywhere. I'd verify that using the IIS Logs (%SystemDrive%\inetpub\logs\LogFiles) by generating a "unique" request that you'll easily be able to find. (http://hostname/MyFile.txt?Unique=1)
If you are getting to the web server, you then need to identify what is causing the redirect. For that, I would recommend capturing a Failed Request Trace Log (https://www.iis.net/learn/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis). When you define the condition, you could do status codes 300-399 which will capture all "300" reasons. Hopefully from that you'll be able to identify what in the workflow is causing the redirect.
If that doesn't help, if you can provide more details about what is happening and how your server/network is setup, it may help.
Good luck
I got you fam. These are some decent docs to help you out
- Configure the site on iis
https://support.microsoft.com/en-us/help/323972/how-to-set-up-your-first-iis-web-site
- Configure remote web deploy for the site
Build the .NET site in visual Studio (it sounds like you already have this part done)
Deploy the site from VS to the remote server
https://msdn.microsoft.com/en-us/library/dd465337(v=vs.110).aspx
- Since you also need DB access, you should install the SQL flavor of your choice on the remote server and use that for development. Just set up the connection string in the .net site to connect to the right DB
You should be able to just use the HTTP Redirect module...
https://www.iis.net/configreference/system.webserver/httpredirect
Make sure 'Redirect all requests to exact destination' is unchecked, this will pass along the path and query parameters.
Otherwise if you want to create a URL Rewrite...
Requested URL: Matches the Pattern
Using: Wildcards
Action: Rewrite
Pattern: *
URL: https://full.site:1433/{R:1}
[x] Append query string
Or if they're all hosted on the same IIS Site and you just want "SEO Friendly URLs" you can add a condition where {HTTP_HOST} does not match full.site and {Server_Port} does not match1433 and change Logical Grouping to "Match Any". To avoid rewriting proper requests.
Sounds like you need a "redirect rule"
It'd be something like:
- Pattern: ^old-directory/actual-app/more-app-dir/(.*)
- Action Type: Redirect
- Redirect URL: new-directory/actual-app/more-app-dir/{R:1}
- Redirect Type: During testing use Temporary (307), otherwise your browser will cache the redirect. Once you're sure everything is OK, you can consider changing to Permanent (301).
For another sample, check out https://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module especially under the heading "Creating a redirect rule"
Hollar if you have any questions/issues.
To add to /u/Teknowlogist 's most-correct answer, another option would be .htaccess rewrite rules if, for example, you didn't have server-level control of your website. This link explains more, official IIS guide.
You're asking several different things here.
What's the best protection for a Server 2012 web server? Depends. Best endpoint security? Best firewall protection? Best security/privilege practices? Is this going to be an actual internet-facing server with ICANN-registered domain, or is it going to be a home lab that isn't exposed to the public internet?
As far as software for web hosting services goes, Server 2012 ships with IIS (Internet Information Services), which can function as an HTTP/S, FTP, SMTP, and NNTP server, among other things.
You still need to use a username and password; all FTP servers are this way.
Did you get PHP registered with IIS correctly? I like to use the PHP Manager for IIS extension to install and register PHP with IIS: https://www.iis.net/downloads/community/2018/05/php-manager-150-for-iis-10
First off you will need the URL rewriter extension for IIS. https://www.iis.net/downloads/microsoft/url-rewrite
Then you will need to create a rule in the extension that performs the rewrite/redirect
Lauren,
start with InstallRolesAndFeatures.ps1 then check if these resources are activated on IIS
In Web Server Role Services / Application Development: IIS-Websockets, IIS-Application Init and ASP.NET 4.7
And in Security: IIS-WindowsAuthentication and IIS-URLAuthorization
After that you still need this two installers:
IIS URL Rewrite: https://www.iis.net/downloads/microsoft/url-rewrite#additionalDownloads
.Net Core Hosting Bundle: https://docs.microsoft.com/pt-br/aspnet/core/host-and-deploy/iis/hosting-bundle?view=aspnetcore-5.0
IIS has a way of reading the redirect rules from your web.config.
Open IIS, select your site on the left panel, then go to the "URL Rewrite" module. You'll see all the redirect rules here and you can disable or delete as necessary.
If you don't see "URL Rewrite" you may have to install the extension first: https://www.iis.net/downloads/microsoft/url-rewrite
> Do you typically RDP into the remote machine to administer it? Or do you connect to it using the IIS Manager on your local Windows PC?
I can bet my morning coffee on the RDP thing. Given you have a pretty niche market, 99.95% of times the admin of that IIS would RDP to it - because it is his sole IIS server.
But, speaking about administrating IIS...
Okay, there is a "IIS Management Service" which could be installed (and manually enabled, it isn't by default) along the way with IIS which would allow to admin the IIS through the remote connection in IIS Management Console. As I said 99% people won't use it, but with server core there is no other way (except scripting, of course).
Your best option is just to get a copy of WinSvr (on official Eval Center or cough anywhere else), fire up VirtualBox with a two VMs and try to do the both "RDP" and "IIS MGMT SVC" type of deployments. That would be the closest thing to what your customers are having.
This article is pretty old (judging by the looks) but nothing really changed in managing IIS remotely.
You might have to get a copy of the VM from before the upgrade.
The most supported way of migrating IIS (with app pools and settings) is Web Deploy. So you boot up your old VM without networking, unjoin from the domain, change its hostname and put it on the same network as the upgraded server, then you rejoin to the domain. They're going to have the same local machine SID for the duration of the operation, but it shouldn't matter too much (since your application is down anyway).
Now you should be able to use Web Deploy to synchronize IIS from the old server to the new.
This should work in theory, but I never figured out the syntax for Web Deploy, so I found another way of fixing IIS on my 2008R2->2019 box. 😉
can you point DNS for the subdomain at a dedicated IP?
if it's a shared IP that has to point to IIS, you could use the URL Rewrite extension to have IIS act as a reverse proxy for the linux box. bear in mind this will put the IIS server in the middle of the Internet and the linux box, meaning if it goes down or experiences resource issues your linux box will affected.
u/GPGrieco is right. It is most likely a mod_rewrite issue. IIS doesn't come with mod_rewrite, so you will have to set that up first: https://www.iis.net/downloads/microsoft/url-rewrite
As far as the user authentication goes, I would do this:
- Log in to your server and create a local (not a domain/AD user) user account. Give it a difficult password. Make sure it's a standard user (not an administrator).
- Open IIS and navigate to your website (probably named "Default Web Site"). Double-click Authentication. Right-click Basic Authentication and select Enable. Right-click it again and select Edit. Make sure Default domain and Realm are blank (so IIS will use local accounts). Disable .NET and Anonymous authentication.
- Try it out over Wifi or something and verify it works.
As far as PHP goes:
- Go here and download the version of PHP your application requires. Ask the dev what version you need.
- Pay careful attention to the name of the release. Ex: VC15 x64 Non Thread Safe. VC15 = Visual C++ Redistributable version 15. X64 = Platform (32-bit, 64-bit). Non Thread Safe (NTS) = You will need this version for Windows (Do not use anything labeled as Thread Safe or TS).
- Download the zip file and extract it to C:\PHP or C:\Program Files\PHP (or C:\Program Files (x86)\PHP). Open the PHP folder and rename the
php.ini-productionfile tophp.ini. - Download and install PHP Manager for IIS. After it's installed, it will show up in IIS as an icon. You can configure it at the web site level or at a global level. Use it to register your version of PHP.
- Try running your test PHP page with
<?php phpinfo(); ?>in it.
We used to do it with the routing module. I think this is the link: https://www.iis.net/downloads/microsoft/application-request-routing.
I don't think that will work if you are using IIS6. You may want to use something like kestrel, nginx or haproxy if you can't swing the version requirements. These would run out of band of your iis as stand alone processes and forward traffic to your iis instances. I'd suggest getting monitoring and restarts working if you go this approach (something like monit)
Yes, it must be IIS that is returning a 301 or 302 if the browser is redirecting from abc.com to www.abc.com with both resolving to the same webserver. A common way to do this is by using the URL Rewrite module. There is no way in DNS to return the HTTP response required to redirect a browser.
ARR (Application Request Routing) lets you use IIS as a load balancer, which I think is what you're after.
A single exposed IP (or multiples; it doesn't matter) can serve up multiple sites from different back end servers (or farms of servers) based on hostname (e.g. host1.example.com and host2.example.com), or even different URL's to different back end servers based on name (e.g. www.example.com/folder1 to 10.0.0.10, and www.example.com/folder1 to 10.0.0.11, and www.example.com/folder* to 10.0.0.12); you can use wildcards and regular expressions to route requests, and there is a mechanism to substitute variables into the routing logic.
It's very stable and performant. My hosting environment serves hundreds of sites (.NET, Java, PHP and static), from multiple back end server farms, running everything from IIS, to Apache on Linux, to J2EE, to NodeJS. 100k hits per day.
You can even have several ARR servers clustered with NLB to eliminate single points if failure (and do patch reboots during the day without clients even noticing).
What specific questions did you have?
ok! check out ARR: https://www.iis.net/downloads/microsoft/application-request-routing - might work for your case, but needs a front-end node. for total ha, this would be a (redundant) LB in front of your web farm... Forgot to mention - NLB is stateless, thus only applicable to sites that don‘t need session affinity. And there‘s also: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/web-application-proxy-windows-server
:)
Not a performance issue, but have you considered making clean URL aliases? For example, taking this:
http://aonprd.com/MonsterDisplay.aspx?ItemName=Alraune
And turning it into this:
http://aonprd.com/monster/alraune
Over in Linux land I'd do this with regex and mod_rewrite; the equivalent in IIS land would be the URL rewrite module that Microsoft wrote. It's not a high priority by any means -- I'm just a fan of shorter URLs that are easier to remember. I think they help a bit with SEO as well.
Windows features something called Application Requested Routing (ARR): download
It essentially turns IIS into a reverse proxy. Whether you would want to, that is up for you to decide.
But it works quite well.
As everyone else says, you need the load balancer or reverse proxy.
IIS can do the same thing with URL Rewrite - https://www.iis.net/downloads/microsoft/url-rewrite
Point the static IP to resolve to one WebServer.
Setup IIS instances for all webservers on the main server, set the bindings correctly.
Setup URL Rewrite on each instance you want to forward to the 2nd and 3rd WebServer. (Internal DNS required)
This will then serve each WebServer per hostname on one IP.
I think HSTS is considered one better -- at least in PCI audits. For the best scoring you're supposed to include the preload and subdomains items with a 1 year recheck period minimum (<action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" />) .
Then, there's a preload list you submit your domain to https://hstspreload.org/ that the Chrome org keeps for these domains that are known to be approved. The list is open and used by other browsers including Firefox. Once you're in that list, the browser skips the step of even trying http.
If you know your domains all support https, to implement first install the IIS rewrite module (downloadable version is newest), and under system.webserver in web.config:
<rewrite> <rules> <rule name="HTTP to HTTPS redirect" stopProcessing="true"> <match url="(.)" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" /> </rule> </rules> <outboundRules> <rule name="Add Strict-Transport-Security when HTTPS" enabled="true"> <match serverVariable="RESPONSE_Strict_Transport_Security" pattern="." /> <conditions> <add input="{HTTPS}" pattern="on" ignoreCase="true" /> </conditions> <action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" /> </rule> </outboundRules> </rewrite>
All of the checked-in configurations should be setup for local development. Nobody should be able to accidentally build the app in release mode and access production, but it sounds like that can happen.
Use the built-in support for this. Right click your web project and select 'Publish...' and create a web deploy package. On the server, install the web deploy extension. Make different versions of the parameters.xml file for each environment, e.g. local, test, prod with different connection strings, passwords, etc.
This way you can use the built in script and publish to each environment which applies the transforms to web.config.
I am looking at a module after all: https://www.iis.net/downloads/microsoft/httpplatformhandler
Don't intend on using F#, but reading through this tutorial for an idea on how to use it. I get to the section titled Using web.config and am unable to find a user or group named IIS_IUSRS on the server. Haven't installed the module yet though.
Stick to Linux. But if you cant, sure its possible to move your site to an IIS server. You'll probably need the IIS rewrite module and few other extra modules also MYSQL. If all this seems daunting for you, hire someone to do it for you.
As for transferring the site, there are several option:
- Back up the files and mysql database, transfer them to the new server. As long as its the same domain name and the server is properly set up, its pretty straight forward.
- If you want an easier way, try using one of the migration plugin and export your site and import it to the new server.
As for the forum, use step 1 above but for PHPBB. For easy intetration, simply run WP and PHPBB as a seperate install and Link the forum as a wp menu item. If you want a more advance integration try using one of these wp - phpbb integration plugin.
For server basic requirement, you'll need to setup your IIS server to properly support:
- PHP 7 or greater (recommended for future support)
- MySQL 5.6 or greater OR MariaDB 10.0 or greater
- The IIS rewrite module
- HTTPS support
Put API controllers into own folder.
/website/api/(controllers)
/website/(controllers for web content)
Without having all 3rd parties update paths to new API, use IIS URL Rewrite to send request to correct path when the domain is "api.mydomain.com".
The website would use your wildcard cert, so it could handle api.mydomain.com and mydomain.com.
A quick efficient way is to tell the server directly that you need all traffic routed to a different website permanently.
If you're on a Windows Server, you can use a web.config file in the web root of your website: https://www.iis.net/configreference/system.webserver/httpredirect
If you're on an Apache server, you would do the same through a .htaccess file in the same location: http://www.inmotionhosting.com/support/website/redirects/setting-up-a-301-permanent-redirect-via-htaccess
Both do the same thing, tell the server to redirect traffic that matches a certain condition.
301 is the status code to tell search engines, crawlers, and bots that your site has moved permanently to this new address.
I can't speak for URL masking as I've never done it, but a quick google search yielded this: https://www.brontobytes.com/knowledgebase/202/htaccess-URL-Masking-Examples.html
Not a specialist, but wound't the listenerAdapter configuration option allow to add support for the Gopher protocol?
The example on that page talks about it at least ...
Ok, here's how to fix it and I'm pretty sure you'll have to edit the ApplicationHost.config directly. If this stuff isn't clear, respond back and I'll go into more detail.
You have two sections for <system.ApplicationHost>...</system.ApplicationHost>. What you need to do is copy the stuff from the bottom one to the one at the top. In the pastebin that you sent, find line 1090 (<system.applicationHost>) and then CUT that thru line 1258 (</system.applicationHost>). You'll then paste it in at line 151 which is the first line after the first (<system.applicationHost>). Next you need to delete the first and last line that you just copied (which is <system.applicationHost> and </system.applicationHost>). You should only have one of each of those. Save the file, close and open InetMgr and try again.
If this isn't clear, I can fix it and send you back a PasteBin if you'd like.
So ultimately your config file was in an invalid state. The 2nd system.ApplicationHost indicated that several sections (system.applicationHost/appPools and system.applicationHost/sites) were "unlocked". This could have been done by the command > appcmd unlock config /section:system.applicationHost/sites
I'm not sure if you maybe did that, but if so, you don't want to unlock anything in the sectionGroup system.applicationHost. Its not really going to do anything positive anyways. If you want to read up about configuration locking, check out this article (https://www.iis.net/learn/get-started/planning-for-security/how-to-use-locking-in-iis-configuration). Its a complex subject, and I don't know a whole of people other than me that really understand it.
Let me know how it goes...
Tomcat for java is the service host container - the equivalent for .NET (Windows) is IIS and for .NET Core (Any OS) is Kestrel.
The WAR is a website archive - .NET just uses a zipped directory of your .DLLs and static content. Register the directory under a basic route definition (port, SSL, etc) and the service container will serve the content of your site.
First you need to decide how the "external people" will access the server. Typically this would be handled by setting up another server with an "AppProxy" which would forward requests along to the internal server. One solution would be using ARR (Application Request Routing) which is an add-on module for IIS. Again, this would be deployed to another server which would be "outside the LAN" but would be allowed to also communicate to the internal server. You can learn about ARR and a Forward Proxy here: https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/creating-a-forward-proxy-using-application-request-routing
In the link above, you see it setting up "rules" to determine what and how to forward. In the example, they use "Match URL" of * which simply means every request. Instead you would have a pattern such as: "RSSFeed.aspx" which should only match on exactly that URL.
You could do that by developping a sharepoint addin with a provider hosted app hosted in an azure web app. This addin would replace the form and be able to store your file anywhere (such as azure file storage) and create/update an item in a sharepoint list that points to it.
You'll have to configure upload size limitations to allow more than the default in an azure webapp, which is 5Mb i believe. I did something like that yesterday and had to configure the httpruntime tag to add the maxrequestlength attribute (in bytes) but also the maxAllowedContentLength attribute (system.webserver/security/requestfiltering) https://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits#005
2GB is HUGE for an upload over http. Have you tried setting requestsLimits in web.config to a very high number? https://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits
Currently really just these cause they're some of the first I found. https://www.iis.net/learn/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2 https://wikis.utexas.edu/display/ISO/Windows+Server+2012+R2+Hardening+Checklist https://technet.microsoft.com/en-us/security/jj720323.aspx
Other than that, I was hoping to find or get some advice from this subreddit about more specific information.
Sorry wasn't paying attention that you wanted the ftp uri as well. Just remove the CNAME and do a straight redirect for all data.company.com requests. https://www.iis.net/configreference/system.webserver/httpredirect
I use it for a lot of web apps on random ports so end users never have to remember the ports.