Questions tagged [iis]

Internet Information Services (IIS) is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows.

IIS 7.5 supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It is an integral part of the Windows Server family of products, as well as certain editions of Windows XP, Windows Vista and Windows 7. IIS is not turned on by default when Windows is installed.

184 questions

votes

5 answers

How to fix SSL 2.0 and BEAST on IIS

As you can see on this post TeamMentor.net vulnerable to BEAST and SSL 2.0, now what? the app I'm currently development got flagged for SSL 2.0 and BEAST by SSL Labs. I'm using IIS 7.0 with the latest patches, and can't seem to find the answers to…

tls iis beast

asked Apr 30 '12 at 12:14

Dinis Cruz

votes

3 answers

What is the next step of this file upload attack?

Yesterday I discovered somebody had uploaded this PHP code to my server as a .jpg file via my asp.net MVC application's "Upload your profile picture" form. I believe the attack was unsuccessful for a number of reasons (the images are given random…

web-application appsec iis file-upload

asked Mar 13 '13 at 18:27

Jared Phelps

votes

3 answers

External websites in logs

I have a website, let's call it www.good.com. I've been getting a lot of requests to www.good.com under completely different URLs than www.good.com. I suspect this traffic is also causing some site performance issues. I'm running a .NET solution on…

http dns ddos iis

asked Mar 27 '15 at 13:50

Zachary Dow

votes

3 answers

SSL handshake failure modes

In SSL if the handshake is not successful, does it always end with a handshake alert? Or are there other ways to finish the SSL connection (acceptable by standard). I am asking this, because in an HTTPS server configured to require client…

cryptography tls iis

asked May 22 '11 at 16:45

Jim

votes

6 answers

Is this a ViewState attack?

I recently found this request in the event log: Client IP: 193.203.XX.XX Port: 53080 User-Agent: Mozilla/4.0 (compatible; Synapse) ViewState: -1' Referer: Now, the ViewState: -1' part combined with the origin of the IP address (Ukraine, we don't…

asp.net iis

asked Aug 14 '12 at 10:19

jao

votes

2 answers

How insecure is PowerShell Web Access?

Windows Server 2012 comes with a new feature that allows you to administrate the server via a PowerShell command line in any modern browser including Smartphones. This sounds cool and scary at the same time. I am evaluating this option and are…

passwords tls windows iis powershell

asked Oct 18 '12 at 16:26

Peter Hahndorf

votes

6 answers

weird visitors to my website

For the last three months I have thousands of real visitors to a single page on my website. Those visits are recorded in Google Analytics and count as page views in adsense reports, but they are fake: They are not generated by spam software /…

malware http iis

asked Apr 22 '12 at 05:55

Zaher

votes

7 answers

What is the danger of hosting your SSL certificate yourself?

I have Active Directory Certificate Services on my server, which makes it possible for me to deliver an SSL certificate for the websites hosted on the same server. I know that normally, I need to acquire a certificate from a known certification…

tls certificates certificate-authority iis

asked Apr 11 '12 at 13:22

Arseni Mourzenko

4,644
6
20
30

votes

3 answers

How to add X-Frame-Options header to a simple HTML file?

I am having trouble adding X-Frame-Options header to a simple HTML file. Is there any way to do it using JavaScript?

web-application windows http iis clickjacking

asked Aug 08 '17 at 18:40

sam

votes

1 answer

How does Windows/IIS keep a certificate protected or should I never run Apache Webserver on a Windows server?

If I follow the reasoning of a colleague it seems you should never run Apache Webserver or Tomcat on a Windows server if you want to keep the https certificate safe. Let me explain before this question evolves into a Windows vs Linux troll…

tls certificates webserver iis

asked Dec 19 '13 at 19:52

Gos Bilgon

votes

3 answers

Verify a website user is behind corporate firewall?

We have a public ecommerce website hosted at our datacenter onsite. For people who are within the corporate firewall hitting the website I want to display profiling information about the request of the current page. This would include sql so we want…

appsec web-application asp.net iis ip-spoofing

asked Jun 10 '11 at 18:12

Paul Lemke

votes

2 answers

IIS IP Address Restriction - can I rely on it online?

I've been told that I might have more luck posting here than on Stack Exchange, so here goes: I'm looking for a way to lock down a 3rd party application in IIS. It's a web service, so there's no login page or anything, it's meant for use in a VPN…

network webserver iis

asked May 24 '11 at 04:13

RodH257

votes

1 answer

What are the security concerns with turning off Extended protection for authentication in IIS7 on ADFS?

In setting up SSO for Office 365, in order to make Chrome and Firefox access services on the Intranet, Extended Protection for Authentication must be disabled on the ADFS sever. As the ADFS server is only accessible on the Intranet, and any external…

iis adfs

asked Nov 20 '12 at 23:18

Matt Bear

votes

3 answers

IIS and SQLServer Hardening

Long story short: I'm an engineer doing development, not administration. I have no direct access to the production server, so I can only tell the administration team the best configurations for security. However, as you all know, it's not as simple…

hardening configuration sql-server iis

asked Feb 26 '11 at 18:45

Orca

votes

2 answers

How to display friendly notification about no TLS 1.0 support in browser

A browser that only has TLS 1.0 support won't be able to establish an HTTPS session with a server that has only TLS 1.1 and TLS 1.2 support. This typically results in a cryptic (to a normal user) error about a cipher suite mismatch or in IE even…

tls web-browser webserver iis

asked Dec 17 '14 at 23:49

Devon Holcombe

2 3

…

12 13 Next