Why does IIS6 Accept-Encoding value equal null when attempting compression with ASP.Net MVC - asp.net-mvc

I have plugged in the HttpCompress module to enable compression for my MVC web application.
If I run my site through the development web server (Cassini) I have no troubles with the execution of compression.
However, when I deploy the site to IIS6 the compression is not executing. I have checked the source code of the compression library and the CompressContent handler returns without acting because a null value exists for
app.Request.Headers["Accept-Encoding"]
My best guess is that this has something to do with the handling of extensionless urls in IIS6. What do I need to do to fix this problem in production?
[ below is the config for the module, if that is of any assistance ]
<blowery.web>
  <httpCompress preferredAlgorithm="deflate" compressionLevel="high">
    <excludedMimeTypes>
      <add type="image/jpeg" />
      <add type="image/png" />
      <add type="image/gif" />
      <add type="application/pdf" />
    </excludedMimeTypes>
    <excludedPaths></excludedPaths>
  </httpCompress>
</blowery.web>

Some further investigation discovered that I was accessing the server via a proxy, and it appears that the proxy was not forwarding the compression headers to IIS.
It seems the easiest way to identify a proxy meddling with the request is to check the response headers for a via entry.
See the complete list of http headers as a homework task.
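An added example (not from the original post) of the check described above: an echo endpoint placed at the origin reports which request headers actually arrived, and `diagnose` compares them with what the client sent and looks for a Via response header. The names `EchoHeaders`, `diagnose`, `probe` and `start_echo_server` are illustrative, and the loopback server stands in for the IIS origin.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class EchoHeaders(BaseHTTPRequestHandler):
    """Origin-side endpoint: replies with the request headers it received."""
    def do_GET(self):
        body = json.dumps({k.lower(): v for k, v in self.headers.items()}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence per-request logging
        pass

def diagnose(sent, seen_by_origin, response_headers):
    """Compare what the client sent, what the origin saw, and what came back."""
    sent = {k.lower(): v for k, v in sent.items()}
    seen = {k.lower(): v for k, v in seen_by_origin.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    return {
        # sent by the client but missing at the origin: an intermediary removed it
        "accept_encoding_stripped": "accept-encoding" in sent and "accept-encoding" not in seen,
        # Via is added by proxies and gateways that handled the message
        "via": resp.get("via"),
        "content_encoding": resp.get("content-encoding"),
    }

def probe(host, port, path="/"):
    """Send a request advertising compression and diagnose the round trip."""
    sent = {"Accept-Encoding": "gzip, deflate"}
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers=sent)
        resp = conn.getresponse()
        seen = json.loads(resp.read())
        return diagnose(sent, seen, dict(resp.getheaders()))
    finally:
        conn.close()

def start_echo_server():
    """Start the echo endpoint on a free loopback port (stands in for the origin)."""
    server = HTTPServer(("127.0.0.1", 0), EchoHeaders)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_echo_server()
    print(probe("127.0.0.1", srv.server_address[1]))
    srv.shutdown()
```

Run `probe` once directly against the origin and once through the suspected proxy; a difference in `accept_encoding_stripped` or a non-empty `via` identifies the intermediary.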

Related

How to remove my server IP showing in remote address?

I have already referred to this post. But my query is a little different since I want to know if I can achieve this from IIS?
Here is what the Remote Address looks like when I inspect element.
Now, the problem is that the IP that is seen is that of the server where all my files for the website are deployed, and there are concerns from the security team as follows:
The application discloses internal IP addresses which can aid
attackers in mapping out the internal infrastructure of the network.
This information can be used to craft other types of attacks.
Here is what I have tried so far..
So in the web.config I was able to remove some other details that were showing in the Response Headers like the asp.net version etc.
<httpProtocol>
  <customHeaders>
    <add name="X-UA-Compatible" value="IE=edge" />
    <add name="X-Frame-Options" value="ALLOW-FROM https://dev.org.com"/>
    <add name="Content-Security-Policy" value="frame-ancestors 'self' https://dev.org.com"/>
    <add name="Strict-Transport-Security" value="max-age=31536000"/>
    <remove name="ETag"/>
    <remove name="X-AspNet-Version" />
    <remove name="X-Powered-By" />
  </customHeaders>
</httpProtocol>
My question..
I understand one solution here is to mask a Proxy IP, but if there is some sort of setting that I can apply from IIS or web.config to achieve this, then I'd prefer that.
I'm afraid IIS can't help in this case.
Because there is no server variable that indicates the IP address of the remote server. IIS can only help you rewrite server variables, and it is obvious that the server's IP is not included in either the request or response context.
I think Chrome might get the value from either the TCP connection or the DNS response.
If you want to hide it, you may have to create a reverse proxy.
https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
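An added example (not from the original posts): a response-header audit for the kind of finding the security team raised, run over a constructed sample response. It flags private addresses in header values, version banners, and an X-Frame-Options ALLOW-FROM value, which current browsers ignore in favour of CSP frame-ancestors; the Remote Address shown in developer tools is the TCP peer rather than a header, so it is outside what this check can see.

```python
import ipaddress
import re

BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def private_ips(value):
    """Return IPv4 literals in a header value that fall in private/loopback ranges."""
    found = []
    for candidate in IPV4.findall(value):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 999.1.1.1 or octets with leading zeros
            continue
        if ip.is_private:
            found.append(candidate)
    return found

def audit(headers):
    """Return (kind, header, detail) findings for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, value in h.items():
        for ip in private_ips(value):
            findings.append(("internal-ip", name, ip))
        if name in BANNER_HEADERS:
            findings.append(("version-banner", name, value))
    xfo = h.get("x-frame-options", "")
    if xfo.upper().startswith("ALLOW-FROM"):
        findings.append(("obsolete-directive", "x-frame-options", xfo))
    if "strict-transport-security" not in h:
        findings.append(("missing", "strict-transport-security", ""))
    return findings

# Constructed sample response; the address and banner are made up for illustration.
SAMPLE = {
    "Server": "Microsoft-IIS/8.5",
    "X-Frame-Options": "ALLOW-FROM https://dev.org.com",
    "Content-Security-Policy": "frame-ancestors 'self' https://dev.org.com",
    "Strict-Transport-Security": "max-age=31536000",
    "Content-Location": "http://10.0.0.12/Default.htm",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```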

MVC Site Compression not working

I have done and checked the following.
1. made sure components are installed...
Made sure everything is enabled for the server in IIS
Made sure the site has modules enabled
Enabled the settings in web.config
<system.webServer>
  <urlCompression doStaticCompression="true" doDynamicCompression="true" />
</system.webServer>
My site is here: http://tinyurl.com/lv44hl4. According to a few sites, when I enter my URL it says not compressed, for example
http://tinyurl.com/nzfv9z4 (GZIP TEST SITE WITH MY URL)
Am I missing something? (using IIS8, MVC5 and .NET 4.5.1)
Ctrl-Shift-I will open developer tools in Google Chrome. According to that your content is compressed via gzip.

how to call cross domain ajax calls using angular /Jquery

I have an application hosted with the domain www.abc.com. This is actually a WebApi application. I want to build a separate UI application using ASP.NET MVC, and its domain is www.xyz.com.
The UI application consumes Angular, HTML5 and other Web technologies. Here I really need to perform GET, PUT, POST, DELETE against www.abc.com. Unfortunately, because of the limitation of JSONP, I would like to choose CORS (HTML5 CORS), but I can't pass a JSON object to CORS calls. What is the best possible approach to make cross domain calls (GET, PUT, POST, DELETE) using AngularJS in my problem scenario? What should I change in IIS to handle CORS requests?
Add the below web.config in WebApi:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
And in Angular, set the below config options for $http:
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Origin: http://url.com:8080");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
also check: this link
To enable cross domain ajax calls you can place crossdomain.config in the ASP.NET Web API root folder when published, with the following contents.
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>
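An added example (not from the original posts) of the server-side decision behind the headers discussed in this thread: browsers refuse a credentialed response whose Access-Control-Allow-Origin is `*`, and a PUT, DELETE or JSON POST is preceded by an OPTIONS preflight that must be answered too. The allow-list, the `https` scheme for www.xyz.com, the Max-Age value and the function names are assumptions for illustration.

```python
# Assumption: the UI origin is served over https; the page gives only the host name.
ALLOWED_ORIGINS = {"https://www.xyz.com"}
ALLOWED_METHODS = ("GET", "PUT", "POST", "DELETE")
ALLOWED_HEADERS = ("Content-Type", "Accept", "Authorization")

def cors_headers(origin, method, requested_method=None, credentials=False):
    """Return the CORS response headers for one request, or {} if it is refused.

    origin           -- value of the request's Origin header
    method           -- HTTP method of the request (OPTIONS for a preflight)
    requested_method -- value of Access-Control-Request-Method on a preflight
    """
    if origin not in ALLOWED_ORIGINS:
        return {}  # no CORS headers: the browser blocks the cross-origin read
    # Echo the one matching origin instead of "*", and tell caches the
    # response varies by Origin.
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    if method == "OPTIONS" and requested_method:  # preflight
        if requested_method not in ALLOWED_METHODS:
            return {}
        headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
        headers["Access-Control-Allow-Headers"] = ", ".join(ALLOWED_HEADERS)
        headers["Access-Control-Max-Age"] = "600"
    return headers

def browser_rejects(headers):
    """True for the combination browsers refuse: wildcard origin with credentials."""
    return (headers.get("Access-Control-Allow-Origin") == "*"
            and headers.get("Access-Control-Allow-Credentials", "").lower() == "true")

if __name__ == "__main__":
    # Preflight for a JSON PUT from the UI origin.
    print(cors_headers("https://www.xyz.com", "OPTIONS", "PUT", credentials=True))
    # A wildcard origin combined with credentials is refused by browsers.
    print(browser_rejects({"Access-Control-Allow-Origin": "*",
                           "Access-Control-Allow-Credentials": "true"}))
```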

MVC4 404 Errors

I'm building out a series of MVC4 Web API's that return various bits of information. In most of the APIs, I'm conducting a GET method and passing a fully qualified domain name.
If I pass a short name the API returns the data as expected; however if I pass a fully qualified domain as an ID ending in ".com" I get a 404.
The API works fine when I debug within Visual Studio 2010; however once I "publish" the content, I start getting 404's. My initial hunch is that it's something with IIS; however I haven't been able to put my finger on the exact problem.
WORKS: /controller/action/server_shortname
404: /controller/action/server.domain.com
Any guidance would be appreciated. Thanks
If you are using .NET 4.0 you can use this in your web.config:
<httpRuntime relaxedUrlToFileSystemMapping="true" />
Apart from that, you should also ensure that you are running your applicationPool in integrated mode.
There are a few other posts that mention the same problem and depending on your configuration you could find your answer there:
How to get ASP.NET MVC to match dot (".") character at the end in a route?
ASP.NET MVC Url Route supporting (dot)
. has a special meaning in the path portion of a URL and is interpreted by IIS as an extension separator.
If you are running in IIS Integrated Pipeline mode you could add the following handler to the <system.webServer> node:
<system.webServer>
  <handlers>
    ...
    <add
      name="UrlRoutingHandler"
      type="System.Web.Routing.UrlRoutingHandler, System.Web"
      path="/api/*"
      verb="*" />
  </handlers>
</system.webServer>
You will only need to adjust the path="/api/*" to the endpoint that you configured your API to listen to.

"Resource not found" error while accessing elmah.axd in ASP.NET MVC project

My ASP.NET MVC application is within a folder called Stuff within the IIS 6.0 webroot folder. So I access my pages as http://localhost/Stuff/Posts. I had ELMAH working while I was using the built-in web server of Visual Studio. Now when I access http://localhost/Stuff/elmah.axd, I get a resource not found error. Can anyone point out my mistake here? Here is the config file entry:
<!-- Handler -->
<add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah"/>
<!-- Modules -->
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah"/>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah"/>
Working with IIS7 I found I needed both sections of the web.config populated (system.web AND system.webServer) - see Elmah not working with asp.net site.
Perhaps this is related.
Have you added an ignore for *.axd routes in global.asax?
For Elmah, we need to differentiate between two things:
First the http modules doing all the work of error logging, emailing...etc.
Second, the http handlers, displaying the error log page and other pages (rss...etc.)
I was having the same problem of 404 resource not found because I have a weird setup!
On my development machine (Windows 7, IIS 7), Elmah was working like a charm because the application pool was working in the integrated pipeline mode. In the production machine, however, the application was using the managed pipeline and I tried my best to make Elmah work, but it was all useless...
I then got the idea of displaying the UI (error log page, rss, error detail,...) using regular aspx pages.
I downloaded the source code, made some changes (sorry Atif, I was forced to do this because I needed the quickest solution) and then, in my application, I created a folder under which I created regular aspx pages which inherit from the Elmah-defined pages.
The page only contains one line (e.g. for the detail page: <%@ Page Language="C#" Inherits="Elmah.ErrorDetailPage" %>)
Now, I was able to run Elmah regardless of IIS 6/7 and it is working like a charm, and it saved me from a big headache of correctly configuring http handlers and troubleshooting its work! Additionally, configuring security is much simpler!
I don't know if the community is interested in this solution (If so, I am ready to post my full changes).
Hope that this gives you an idea on how to solve the problem in an alternative way (and if you need the modified dll with complete instructions on how to use it, just tell me!)
In the application pool settings in IIS, set Managed Pipeline Mode to Classic if you don't want to change code or the web.config file. Your axd.s will then work as before.
Can you post the rest of your web.config?
Or, if you're comfortable enough, can you just ensure that the httpHandlers and httpModules (NOT handlers and modules) sections are filled in properly in the web.config?
