Add custom http response headers for files matching conditions - iis

I need to add a custom http header to every http response from my IIS 8.5, but only for specific file types (css, js and html).
I've tried this solution
Add custom header based on file type, but it seems outdated, and I'm getting errors for bad web.config file.
How it can be done on IIS 8.5?Any help will be appreciated.

Solution on this link still working Add custom header based on file type for your problem.
You weren't able to use it because you need to install URL Rewrite module for IIS.
Please go to https://www.iis.net/downloads/microsoft/url-rewrite , download, install it and then restart IIS. After this steps error about bad web.config file should gone

Related

Sending URL to ISAPI module in IIS

So I have an ISAPI module running my website. I would like to get the URL to be forwarded to my ISAPI module so that it can parse it and display things accordingly. For example, if I navigate to www.mydomain.com, I wish for my app to run. This does occur. However, I would like to navigate to www.mydomain.com/page1 and for my module to receive the "/page1" portion of the URL, which it does not. Rather, ISAPI complains because it cannot find the file "C:\where\I\have\my\app\deployed\to\page1".
I currently have my ISAPI module configured to run matching "/". If I configure it to run matching "*", it does not complain about not being able to find the file "page1" but instead treats anything I put into the URL as matching the module's request path and instead passes no URL information to the module.
I am uncertain what logs or settings would be useful to troubleshoot this issue.
ISAPI Filters are introduced in IIS 6, and not recommended any more since IIS 7. However, there might exists legacy code which needs to be maintained. So here is the guide to develop, troubleshoot and debug ISAPI Filters. But there is not a lot of documentation for this module to help.

Localhost webserver denying PUT request

I have configured a webserver on localhost with https using Microsoft IIS Administration. I am able to browse directory with files with browsers and Visual Studio using localhost prefixed with https, such as https://localhost/trial etc.
I wish to upload a file to the said directory, ie., trial, using Libcurl to test some features. Unfortunately I'm unable to do so.
Using the same Libcurl example as given on
Libcurl File Upload
-modified for https, the console window tells me that the following has occurred, upon running the code :
IIS 10.0 Detailed Error - 405.0 - Method Not Allowed
HTTP Error 405.0 - Method Not Allowed The page you are
looking for cannot be displayed because an invalid method (HTTP verb)
is being used.
I checked the IIS Administrator and saw that all authorizations are allowed. I suppose the fact that it is flagging a HTTP verb issue rather than HTTPS as I'd enabled and used as URL in code isn't a big thing?
Libcurl uses PUT for uploading files, so should be an allowed verb.
I am quite new to this, so I'm not certain I did something incorrect with the setting up of the webserver, or whether there are security issues or permission issues which are causing a problem here.
As far as I know, there is impossible to use http put or post a file to a IIS web application's folder without writing server-side code. Otherwise, configure an FTP site on your IIS installation. Then you could use ftp command to upload the file.
If you really need using HTTP put or post to upload the file, you could consider using WebDav.
More details about what is webdev and how to use it, you could refer to below article.
https://learn.microsoft.com/en-us/iis/install/installing-publishing-technologies/installing-and-configuring-webdav-on-iis
https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-7/what39s-new-for-webdav-and-iis-7
Try hostname instead of localhost
Add a trailing slash (/) for the directory.

Preventing file fownload (any file even css and js) in IIS8

Is there any way to set up IIS in a way that no file can be downloaded? (without xml configuration and using the IIS UI only).
I know I can remove all mime-types but that is inconvenient, I'm looking for a better option.
You cannot stop of css or js as the server cannot differentiate between a normal
request and a download request when it comes to css or js.
Say you have a CSS or js included in your webpage any html page .This css file will need to be downloaded by the browser.So at server side(IIS) you cannot differentiate a normal download request or browser request. You can deny the download request if the referrer is not matching.For example if someone take sthe URL and directly copying and pasting it in another browser,the referrer header will not be present.Similarly if someone else hotlink to your resources(css,js files),you can stop that too.
By deny download based on Referrer using URLRewrite

Server Header Information Showing up in IIS

I am facing an issue where server header information is showing up in IIS. I know by using URL rewrite module and creating outbound rule will resolve the issue. Problem here is when i am checking individual severs i am seeing server header information as Server:-Microsoft-IIS/7.5. and when i am checking LB URL i am seeing server:- IA Web server. not sure from where this text is coming up.I checked the web.config file but the entry for witting own server information is not present in an tag. Also one more information i have akamai implemented after the web servers. Could some one help in this context.
This is added by IIS Server. Adding outbound URL-Rewrite rule is the best way to go as adding a custom HTTPModule to remove headers or through global.asax.cs as explained in this answer won't work for static files.
See detailed blog here - https://blogs.msdn.microsoft.com/varunm/2013/04/23/remove-unwanted-http-response-headers/

Vary header when content is not gzip:ed on IIS 7 as origin for CDN

I'm trying to set up my IIS server as an origin server for a CDN. I have solved some issues already for example that IIS doesn't give gziped content to proxies (if they have the via header) and also that frequentHitThreshold problem.
My CDN supplier pointed out that another problem with IIS is that it doesn't return a "Vary" header if the client doesn't request the content gziped. According to them the problem is that if for some reason the first client that request the content doesn't want the content gziped the CDN then doesn't request a new version of the file since the Vary header doesn't indicate that it should return two different files depending on "Accept-Encoding".
My only solution so far is to add "Vary: Accept-Encoding" as a custom header but since IIS automatically add this vary header when gziped is requested so i end up with multiple values like "Vary: Accept-Encoding, Accept-Encoding".
Anyone have any solution to this? Or can confirm that it's a real issue.
This is a real issue. IIS gzip module overwrites existing Vary headers. Please vote on this MS Connect issue. Related article here.
This issue is now addressed by an official patch to IIS. To download and further info, visit http://support.microsoft.com/kb/2877816
Erez Benari, IIS PM

Resources