Hello,
I need advice in securing an IIS server and PHP. I'll be uploading some php forms to be accessed through the browser and want to make sure they are secured.

IIS 8.5
PHP 7.0.7

Any help or advice would be appreciated.
Debra

Good Day,

I need assistance with config in a proxy.pac file.

In the file I need to specify that if the traffic is from a certain subnet then it needs to go directly to the internet and bypass our proxy appliance.

Currently there are statements stating that if the destination is a specific subnet then it returns "DIRECT", but I need to add a source subnet in there.

In the .pac file I have statements like this:

var resolved_ip = dnsResolve(host);
      
    if (     isInNet(resolved_ip,"127.0.0.1","255.255.255.255")
        || isInNet(resolved_ip,"10.0.0.0","255.255.255.0")
        || isInNet(resolved_ip,"10.10.1.0","255.255.255.0")
        || isInNet(resolved_ip,"10.10.1.0","255.255.255.0")
          || isInNet(host, "41.160.7.14", "255.255.255.255")
          || isPlainHostName(host)
          || localHostOrDomainIs(host, "127.0.0.1")

       )
      return       "DIRECT";


    else
      return "PROXY 10.51.158.158:8080";
}


So I need to add a statement in that top part that says if the soure of the traffic is a specific subnet (10.54.206.0/24) then it must also return "DIRECT".

Thanks for any assistance.

Hi Experts ,

I have 2 Exchange servers , both running Exchange 2013 in the same domain.
1st Server is Srv3 which was the first Server setup and running Exchange 2013, the 2nd Server is Srv6 this is the 2nd Server running Exchange 2013.
I want to decommission Srv3 and make Srv6 my main and only exchange server.
I have moved my mailboxes across to Srv6 and have purchased a comodo payed cert and this is also installed on Srv6.
Srv3 has a self signed cert installed.
I am looking for some help on decommissioning Srv3 and making Srv6 my primary and only exchange Server.
if I turn off Srv3. I can access my Mailboxes and I can sent mail as now going trough Srv6, but can't receive mail or get to my e-mail remotely (owa).
if I try and setup the receive connector on Srv6 to be the same as Srv3 but  it won't let me.
Any help or advise would be greatly appreciated
Thank you.

Environment

Windows Server 2016
Internet Information Systems (IIS) v10

Issue

I have an IBM supplied script which creates a new application pool called 'analysis' and a corisponding virtual directory

The new app pool and 'DefaultAppPool' keeps crashing / stopping as soon as you try to access their URLs.

Looking at the event log the issue is that neither pool has permissions to access their on-disk folder's that their respective virtual directories represent. For the 'DefaultAppPool' this is [C:\inetpub\wwwroot]

Both app pools are running under the standard (and recommended / best-practice)  'ApplicationPoolIdentity'.

Question

1) How can correctly I give the app pools permission (or rather the  'DefaultAppPool' virtual user) permission to these folders.

2) How could these folders (especially the 'DefaultAppPool' loose permission ?

I manage a web site that utilizes IIS with Windows Server 2016.
Users login with their Windows account credentials.

If I check mark - user must update password on next logon - the user received the regular prompt and cannot log in.

How can I add the logon options to update/change password to my website?

Hello experts,

Good day to you all. I would like to have an experts opinion or knowledge-base article on how to enable ssl using self-signed certificated in windows server (iis).?

Currently, we have an active directory (****.local) domain with a child server (hrms.****.local).
In this child server Windows IIS is enabled and currently working with http binding only on port 8080 (tcp).
Now we want to implement https binding and restrict http access.
Kindly help me through this with your valuable advice.

note - It is an ASP .net application for our company internal usage.

Thanks & Regards,

Mohamed Marzook

There are so many IIS redirect questions. I've looked through many but they all seem to look to redirect to a sub domain. I have the opposite issue. Warning, NOT an IIS admin.

Our vendor setup our new server. Everything works great. Except the site is as follows (not real of course):  www.site.com/sandwich/yummy.aspx. The site will not answer any other responses. I'm looking for www.site.com to redirect to the actual live app of www.site.com/sandwich/yummy.aspx.

My initial gut feeling says to create a new Virtual Directory, type in the details and Bob's your uncle. But I'm not sure of this.

Thoughts from the community, please.

Windows Server 2008R2
IIS 6.1
current-site.jpg
possible-redirect-site.jpg

I have a script to generate app pools and sites
I want for some sites that the anonymous authentication uses the app pool identity
I know how to do that in the IISmanager but I have a script

this is part of the script
%1 is paramater site name %webloc% is path

%systemroot%\system32\inetsrv\appcmd.exe add apppool /name:www.%1
%systemroot%\system32\inetsrv\AppCmd add site /name:www.%1 /physicalPath:%WebLoc%\www.%1\website /bindings:http/*:80:www.%1
%systemroot%\system32\inetsrv\appcmd set app /app.name:www.%1/ /applicationPool:www.%1
%systemroot%\system32\inetsrv\appcmd set apppool /apppool.name:www.%1 /managedRuntimeVersion:v4.0

This is what my question is about to use the application pool identity as anon user
%systemroot%\system32\inetsrv\appcmd set config /app.name:www.%1/ -section:anonymousAuthentication /username:"" --password
will /app.name:www.%1 work as site name?

or should it be
%systemroot%\system32\inetsrv\appcmd set config www.%1 -section:anonymousAuthentication /username:"" --password

I have jQuery/Javascript on my page at:
http://www.domain-a.com/page.html

...and I am trying to do a jQuery $.post to:
https://www.domain-b.com/script.asp

But I get this error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at...

On www.domain-b.com I have the following in web.config (this is an IIS server):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="*" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

Select all Open in new window

...however, I still get the error. I don't have access to .htaccess or anything else on www.domain-a.com. Is it possible for me to resolve this issue, or is it not possible because I don't have access to the www.domain-a.com server? It isn't clear to me if I need to add Access Control to the server where the web page resides, or the server where the target script resides.

Thank you.

Dear Experts

We recently deployed CRM application which is web based and deployed on windows 2012 R2  running IIS and MSSQL 2012, webserver is separate and MSSQL is separate both have enough RAM and CPU but users are experiencing slow, please suggest what could be causing this, how to do performance tuning for  IIS 8.5 and MSSQL performance tuning please suggest.

Hi,

we are in progress of migrating an Exchange 2013 to Exchange 2016.

Clients are already connecting through the new CAS Server (Exchange 2016) to their Mailbox on Exchange 2013.

Some Clients can not connect to some of the Mailboxes (Offline Mode) - also some clients have connections to shared mailboxes and have problems with only some of them, so not possible to limit it to specific users or outlook clients.


On Exchange 2013 we get the http errors in the log:

C:\Windows\System32\LogFiles\HTTPERR:

2018-10-29 10:00:27 x.x.x.x 19221 x.x.x.x 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?server.localdomain:6001 400 2 BadRequest MSExchangeRpcProxyAppPool

Select all Open in new window

On the Exchange 2016 Errors are visible in the HttpProxy RpcHttp Log (<Exchange Server Install Path>\Logging\HttpProxy\RpcHttp)

HttpStatus: 200
BackEndStatus: 200
ErrorCode: InternalServerError      
Method: RPC_OUT_DATA
ProxyAction: Proxy
GenericErrors: StreamProxy=StreamProxy-Response-ExpectReadCallback;PossibleException=IOException;

Versions:
Outlook 2010 connecting through Exchange 2016 CU11 on Windows Server 2016 to Mailboxes on an Exchange 2013 CU20 on Windows Server 2012



Any Idea how to troubleshoot further?

(the Exchange is only available in the local domain, not possible to try testconnectivity.microsoft.com)

I have 2 load balanced server running a website using 1 application pool, IIS web server logs warnings

A process serving application pool 'AppPool' exceeded time limits during shut down. The process id was '5776'.
A process serving application pool 'AppPool' exceeded time limits during shut down. The process id was '6252'.

A worker process '6252' serving application pool 'AppPool' failed to stop a listener channel for protocol 'http' in the allotted time.  The data field contains the error number.
A worker process '7120' serving application pool 'AppPool' failed to stop a listener channel for protocol 'http' in the allotted time.  The data field contains the error number.

Application pool AppPool has been disabled. The request from protocol http to create the application pool failed. Restart the application pool so that Windows Process Activation Service (WAS) can determine the correct state of the protocol. The data field contains the error number.

Hi Experts,

I'm trying to connect to a Access DB in order to sanitize some data using PHP. I Have already enabled by PHP PDO ODBC driver  (uncomment the extension=php_pdo_odbc.dll line in php.ini) and restarted my IIS.

I get the following code...

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] SQLDriverConnect: 63 [Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key Temporary (volatile) Ace DSN for process 0x14b8 Thread 0x11e4 DBC 0x22f8444 Jet'.' in C:\inetpub\wwwroot\DICE-AccessNOC\includes\access_db.php:18 Stack trace: #0 C:\inetpub\wwwroot\DICE-AccessNOC\includes\access_db.php(18): PDO->__construct('odbc:Driver={Mi...') #1 C:\inetpub\wwwroot\DICE-AccessNOC\find-distinct.php(6): Access_DB::getDB() #2 {main} thrown in C:\inetpub\wwwroot\DICE-AccessNOC\includes\access_db.php on line 18

Select all Open in new window

My includes/access_db.php is

<?php

$TBL = "TBL_DICE_Factorial_Analysis";

class Access_DB{
 
    private static $db;
    
    private function __construct() { } //no new objects can be created
    
    public static function getDB() {    
    
        $access_path = "Z:\\Business\\CLIENTS\\DICE Assessment\\Received Files\\NOC_Database_Backup_2_PHPCopy.accdb";
         
        //One connection per browser session
        if (!isset($db)) {
            $dsn = "odbc:Driver={Microsoft Access Driver (*.mdb, *.accdb)}; Dbq=$access_path;";
            self::$db = new PDO($dsn);
        }
        return self::$db;
    }
    
    public function __destruct() {

        self::$db->close();
        
    }
}

function print_variable($var, $label = '', $raw = true){

    echo '<br>=========START=========<br>';
    echo '<b>' . $label . '</b>';

    if ($raw == true) echo '<pre>';

    print_r($var);

    if ($raw == true) echo '</pre>';
    echo '<br>=========END=========<br>';
}
?>

Select all Open in new window

The caller is

<?php
    require_once 'includes/access_db.php';
    
    $query = "SELECT * FROM $TBL ORDER  BY NOC_Code, NOC_Occupation; ";

    $db = Access_DB::getDB();

    $statement = $db->prepare($query);
    $statement->execute();
    $rows = $statement->fetchAll(PDO::FETCH_ASSOC);
    $statement->closeCursor();

    print_variable($rows, 'Fact Analysis');
?>

Select all Open in new window

I have also given full permissions to HKEY_LOCAL_MACHINE\SOFTWARE\ODBC and its children to IIS_IUSRS, but the issue persists.

I'm also posting this under ASP, as I see on Google, this also occurs under ASP.

Any help will be greatly appreciated.