Go Premium for a chance to win a PS4. Enter to Win


Web Servers





A web server refers to the software that helps to deliver web content that can be accessed either through the Internet or through an intranet. The primary function of a web server is to store, process and deliver web pages to clients. The communication between client and server takes place using the Hypertext Transfer Protocol (HTTP). The most common use of web servers is to host websites, but there are other uses such as gaming, data storage, running enterprise applications, handling email, FTP, etc.

Share tech news, updates, or what's on your mind.

Sign up to Post

Is there a simple rule I can add in IIS web.config file that any page that ends with .asp, should be redirected to the same name ending  .php
How to Use the Help Bell
LVL 11
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

On a customer's request I have to create a reverse proxy for following URL on customer's server running Apache on CentOS 6.

URL of the back end is

I have added following lines in a virtualhost on Apache:

SSLProxyEngine          On
ProxyPass /
ProxyPassReverse /

But when I access http://mydomain/gateway/order.json I get "Bad Request Your browser sent a request that this server could not understand." . No errors in error_logs of Apache.

I would be thankful if someone can help.

This is probably a noddy question as I'm quite new to this.

I want to use FTP to publish files to the public web.

On Bluehost I've setup an ftp account which I can add files to. The details shown by bluehost are:


How can I get these files to show on my website?

I can login using my domain password and put them into the www folder, but i'd rather not use that account.

Dear Wizards, I got this error in Office Online Server, could you please help? Many  thanks!
Both websites are on the same network, one is an intranet, one is an internet. We want to display some content (XML) from the Intranet site on the Internet site. Can the internet site serve content from the Intranet site if it's given permissions. Any suggestions?
I am sure i might be missing an easy solution, but thought i would ask here to save time.  

I am trying to get a URL that we are putting out to the public to redirect to another domain, but only for a single address, not the entire domain.   The issue is we have our main domain hosted by an external company but have many other web based apps that are hosted locally.   The one web server we created a different longer domain name in which the subdomain has a SSL certificate.  So i would like for the easy URL name to be put on documentation sent out to customers that can be redirected to another subdomain that has the cert.  

our core domain name  main.com   is hosted externally, but mail.main.com points to internal mail server, intranet.main.com points to intranet, etc.       We also have another domain registration  longnamemain.com.   On  longnamemain.com.  we have certificate for URL site.longnamemain.com.     On the renewal notice, I want to put renewal.main.com versus renewal.longnamemain.com.    How can i redirect renewal.main.com to renewal.longnamemain.com.  and not get a certificate error which is what happens now using a CNAME record.  

You might say, why not just use long domain, well there are certain reasons I do not want to use that.  

Thanks for any help.
Good afternoon,

Mozilla seems to have stopped displaying images on our website.  We noticed it today, but not sure when it started.

Our website is https://ppar.com.  This is a 2012R2 Server running IIS 8.5.9600.16384.  Our websites reside on this server.  We have a valid cert for this website.  The images reside on another server running Server 2016 with IIS 10.0.14393.0.  The images server also has a valid cert.  The time on both servers is correct and both certificates have not expired.

When I try a valid link ( https://photos.ppar.com/matrixlarge/11/8120075-1.jpg ) in both Chrome and Firefox, it works in Chrome and fails in Firefox with the following error:
"An error occurred during a connection to photos.ppar.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT"

I'm beating my head against a wall...any help?

Attached images.
I need to replicate data between 2 IIS web servers and load balance between them. I was going to use DFSR but have seen Storage Replica is a new feature in Server 2016.

I have just set up storage replica between the 2 servers using the "New-SRPartnership" command.
Everything looks like it has worked correctly, but it seems I cannot access the drives on my secondary server.

My questions are:
1) Is this by design?
2) If i wanted to have the data available on both servers, is there a way to do this or do I have the wrong product.?

Thanks very much

Does tomcat expands war file if already extracted, if we start tomcat again? Say there is war file which is already extracted and we manually  updated some file,will they be overwritten?

Is this the best way of redirecting pages (permanent 301 redirects) from the old location of the domain to a new site (same domain) within  ASP.NET MVC using c# or should i be creating list within a controller?


        <rule name="Name of page" stopProcessing="true">
          <match url="^Consultants.cshtml$" />
          <action type="Redirect" url="/Home/About" />
        <rule name="New rule" stopProcessing="true">
          <match url="^Consultants.cshtml$" />
          <action type="Redirect" url="/Home/About" />


Open in new window

Free Tool: Port Scanner
LVL 11
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


What are different types of log files in tomcat log folder and what they are used for?
I have a meeting every Tuesday from 7-8 PM.
The attendees require read access to a document during the meeting.

Therefore, I want to restrict access to Tuesdays from 7 to 8 PM.
As well, I want to make sure they are present at the current meeting.

Currently, I password protect the document and change the password every week, giving the new password out at the meeting.
This is a pain to maintain so I figured I'd ask here for any ideas of a better system.
I'm trying to hide admin directory for a https://www.putmeonline.net/. The reason is that because I have to mention disallow path in robots.txt. That's a security risk. I just need a solution so I can hide the admin page using username & password using htacess. Thanks

newbie question on web developing and web servers.  

Question 1: If a web server is running IIS, can I assume that it is not running these:


Question 2:  If a web server is running IIS is it possible to also be running:

One of our ERP systems is provided and hosted by a third party.  One of the security features in place is that the system can only be accessed from our network.

How can such a solution be implemented, my basic understanding is that this would involve some kind of whitelist on a firewall or web server?

My question is how is this possible and what should I be asking our third party for to do a quick audit of the IP address ranges to ensure they only contain IP address from our network (or any other legitimately needed IP addresses)
Experts - I am in the process of configuring Solaris LDAP Client for 389 DS. I have created a profile as below -

dn: cn=shades, ou=profile,dc=my,dc=domain,dc=com
credentialLevel: proxy
serviceAuthenticationMethod: pam_ldap:tls:simple
defaultServerList: ldap.my.domain.com ldap2.my.domain.com
authenticationMethod: tls:simple
defaultSearchBase: dc=my,dc=domain,dc=com
objectClass: top
objectClass: DUAConfigProfile
cn: shades
serviceSearchDescriptor: passwd:ou=People,dc=my,dc=domain,dc=com?sub
serviceSearchDescriptor: shadow:ou=People,dc=my,dc=domain,dc=com?sub
serviceSearchDescriptor: group:ou=Group,dc=my,dc=domain,dc=com?sub

When I am running below script to initiate -

#ldapclient init -v -a profileName=shades -a domainName=example.com -a proxyDN="cn=proxyagent,ou=profile,dc=example,dc=com" -a proxyPassword="password" ldap.my.domain.com
Parsing profileName=shades
Parsing domainName=example.com
Parsing proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com
Parsing proxyPassword=<password>
Arguments parsed:
        domainName: example.com
        proxyDN: cn=proxyagent,ou=profile,dc=example,dc=com
        profileName: shades
        proxyPassword: <password>
        defaultServerList: <ldap.my.domain.com>
Handling init option
About to configure machine by downloading a profile
Can not find the shades …
I am trying to decide which option would be better for redirecting a web URL to a new URL. Basically I have a website autohill.com that I would need to redirect to web.customauto.com and the autohill.com website will be shutdown eventually. which should I use for my external hosted DNS and which should I do for my internal DNS? CNAME or create a new A record with the new name and point the existing A record to the new IP address of the new website?
Hi guys,

I want to create a rule in IIS (server 2012/2016) that would redirect the full url from http version to https while preserving the full url.

To give you an example, let's say I have 2 domain names: domain1.com and domain2.com. I want to set up a rule that would redirect to an HTTPS version of domain2.com while preserving anything else user typed after the main domain bit.
So the rule would do this:
http://domain1.com redirects to https://domain2.com
http://domain1.com/help redirects to https://domain2.com/help
http://www.domain1.com redirects to https://domain2.com
http://www.domain1.com/help redirects to https://domain2.com/help
http://domain2.com redirects to https://domain2.com
http://domain2.com/services redirects to https://domain2.com/services
http://www.domain2.com redirects to https://domain2.com
http://www.domain2.com/help redirects to https://domain2.com/help

I know how to set up a standard redirect from HTTP to HTTPS but it redirects to the HTTPS version of domain while losing anything user typed after the main domain for example: http://domain1.com/help redirects to https://domain2.com (removes /help bit, while i want to preserve it)

The existing rule is:

<rule name="HTTP to HTTPS" stopProcessing="true">
<match url="(.*)" />
<add input="{HTTPS}" pattern="^OFF$" />
<action type="Redirect" url="https://domain2.com/{R:1}" redirectType="Permanent" />

Hope this makes sense and thanks very much…
we have a number of internal applications which rely on IIS for the web server. These are only internal servers but we have noticed the 3rd parties whose apps we use have within the web root  some web.config12.bak type files. These do have hard coded DB and admin credentials within them so we would not want them exposed to any internal officers.

All servers are internal and not internet facing so the risk is limited to internal employees, and it is a small workforce with limited web server skills I would presume. The web root is hosted on the servers D:\, and the actual permissions on  the web root folders themselves only grant IIS_USERS group read on read & execute permissions. I typed the full path into a browser, e.g. \\server\app\live\admin\web.config12.bak and it returns a "404 - File or directory not found" error, even though I know it exists in that path. If I try a sample of other files in that directory such as styles.css, or a log txt file I know exists, my browser loads them up fine. So I am wondering if its something to do with the extension that causes the 404 error rather than ACL permissions preventing their download. As the ACL seems to be the same for all files in that directory, so it must be an IIS additional security control, perhaps.

I just need to be sure this would be consistent for all internal employees, that nobody could download a copy of these web config backup files, or if its the behavior of the browser preventing the …
Keep up with what's happening at Experts Exchange!
LVL 11
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

is there an easy way in IIS to identify the local web root folder (e.g. c:\,.,) for each site/application?
Hi Experts,

I'm wondering how to best log access-logs on Apache while using ProxyPass based on <Location>.

Here are 3 things I have in mind that I'm trying to implement:

  1. I would like to be able to identify the STATUS code Apache received from our application server (ProxyPass) and the STATUS code Apache sent to end-user. I'm not 100% sure how to identify these separate status codes as of now based on %s "<" or ">" redirection possibility on documentation.
  2. I would like to know if it is possible to log the server IP (application server) that processed the request on the backend (ProxyPass), where the response is coming from.
  3. Any recommendation on how to log full headers from REQUEST and RESPONSE headers, including POST data?

This is my current log format:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%v\" %D \"%{UNIQUE_ID}e\"" custom

And the VHOST has the following config:

ProxyVia Full
ProxyRequests Off
ProxyPreserveHost On

<Location /admin/>
Order deny,allow
Allow from all

On the above ProxyPass IP (, that IP is a server pool from haproxy load balancer, it has 4 servers, so for each request, I can land on a different server in that pool.

Apache version: 2.2.15

Thank you!
i want to know how unofficial/illegal websites get live streams of TV channels to show live sporting events and how they do it detail explanation preferred if u don't mind  thanks :)
Hi guys

So we have a slight issue. We are unable to get to two particular websites on HTTPS. Their Australian and New Zealand domains are what we can't get to from our internal network. We can get to the HTTP sites, just not their HTTPS.

However, if we use our guest-wifi we can get to the HTTPS. If we use our mobile phones we can get to it.

Our firewall is permitting the traffic out. So I took a snapshot and we get to a HTTP BAD REQUEST and at the bottom it says something about 'nginx', which proves we are hitting some sort of proxy/web server at their end. I assume they have some sort of load balancers or web proxy causing an issue?

Thanks for helping
I need a web service to remain secret and would use CloudFare or a similar technology to prevent DDoS attacks. Aside from DDoS, what other types of attacks are possible?

I assume my web service domain would be totally hidden, but need to be sure there is no other known threat to it.

We want to do an audit of some web servers (all of which run IIS) to ensure no sensitive information is vulnerable to unauthorised disclosure. I have read some articles claiming often web admins leave backup copies of sites in an area of the web server which may be accessible. And also have read that web.config files can often contain credentials.

Are there any other common types of security sensitive files which may be accessible on a web server from your experience? And also – is there a way to limit which areas of a web server you review/run keyword searches on from the backend OS.  Would it just be anything within 'wwwroot' per site? Or is that quite a simplistic view? And is there a default location for wwwroot per site, or an easy way to identify where the wwwroot per site resides from within IIS?

Web Servers





A web server refers to the software that helps to deliver web content that can be accessed either through the Internet or through an intranet. The primary function of a web server is to store, process and deliver web pages to clients. The communication between client and server takes place using the Hypertext Transfer Protocol (HTTP). The most common use of web servers is to host websites, but there are other uses such as gaming, data storage, running enterprise applications, handling email, FTP, etc.