I am facing an issue where server header information is showing up in IIS. I know by using URL rewrite module and creating outbound rule will resolve the issue. Problem here is when i am checking individual severs i am seeing server header information as Server:-Microsoft-IIS/7.5. and when i am checking LB URL i am seeing server:- IA Web server. not sure from where this text is coming up.I checked the web.config file but the entry for witting own server information is not present in an tag. Also one more information i have akamai implemented after the web servers. Could some one help in this context.
This is added by IIS Server. Adding outbound URL-Rewrite rule is the best way to go as adding a custom HTTPModule to remove headers or through global.asax.cs as explained in this answer won't work for static files.
See detailed blog here - https://blogs.msdn.microsoft.com/varunm/2013/04/23/remove-unwanted-http-response-headers/
Related
Say we have an internal URL https://my.internal.url (in our case a Liferay Portal) and from a web application firewall an external URL https://my.external.url pointing to this internal URL.
The internet user is using the external URL.
PrimeFaces extends attributes like for example
onclick="...;window.open('https://my.interal.url'..."
This leads to CORS problems.
The HTTP header Access-Control-Allow-Origin is not an option, since the internal URL is internal.
We'll talk with the WAF people about URL replacement, but I'd like to know wether or not we can tell PrimeFaces to use the external URL (or maybe relative URLs in case this would work).
The portal doesn't know about the external URL but of course we could implement this as a configuration option.
(watching the source code, there are more occurences of the internal URL outside of the jsf/PrimeFaces portlet, so I add the liferay tag too)
Update
The question is obsolete, WAF has to handle this correctly (an old SSL environment did it, a new WAF environment doesn't)
You say
The portal doesn't know about the external URL
however, any properly configured reverse proxy (or WAF) should forward the actual host name used to request the current page.
On Apache httpd's mod_proxy_http, this is done with the option ProxyPreserveHost On. When forwarding with AJP, the host is automatically forwarded. Other WAF/Proxy configurations - of course - differ. But the proper way to generate the URL is to let the generating server know what URLs it should generate.
If you need to worry about the proper host name, you'll need to do so by request: Liferay is well able to use Virtual Host names to distinguish between different sites - and if they're completely different, you might be signed in to one of them, but not to the other. This has a repercussion on the permissions.
Have the infrastructure handle it for you. Don't write code (or application configuration) for it.
I need to add a custom http header to every http response from my IIS 8.5, but only for specific file types (css, js and html).
I've tried this solution
Add custom header based on file type, but it seems outdated, and I'm getting errors for bad web.config file.
How it can be done on IIS 8.5?Any help will be appreciated.
Solution on this link still working Add custom header based on file type for your problem.
You weren't able to use it because you need to install URL Rewrite module for IIS.
Please go to https://www.iis.net/downloads/microsoft/url-rewrite , download, install it and then restart IIS. After this steps error about bad web.config file should gone
I want to use a reverse proxy to point one of my endpoints to a resource that's hosted elsewhere. My primary server (where everything else is hosted) is in an Azure Web App and is otherwise working perfectly.
I've been using this seemingly failproof article along with the other links mentioned at the bottom of it: https://blogs.msdn.microsoft.com/zhiliang_xus_blog/2016/01/19/build-a-google-reverse-proxy-site-on-azure-web-app-in-less-than-3-minutes/
As a baseline, I used a Web App with no additional code and confirmed that the reverse proxy works. This was done by manually creating/editing the web.config file and applicationHost.xdt file then restarting the server.
I've tried 3 separate approaches (all on clean, new web apps) all of which are failing for me:
Push my code, confirm it works, then follow the reverse proxy steps manually
Follow the steps manually, confirm reverse proxy works, then push my code
Put the reverse proxy files into my codebase and push everything at the same time
None of these 3 approaches are working. Is this a bug in Azure? How can I try to figure this out?
Post XML Transformation (XDT), have you restarted the site?
I would suggest you to take a look at this blog from Ruslan:
http://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/
It talks about using a Site extension. It implements the reverse proxy and it does the XDT transformation for you.
If the above is setup correctly, then there is something wrong with the URL Rewrite rules. I would recommend you to enable Failed Request Tracing and debug this further.
The link/way you posted used URL Rewrite to implement a reverse proxy. I tested it and it worked fine with my empty web application. After published a web application to the Azure Web App(For example, an ASP.NET MVC web application), the URL Rewrite stopped working. The reason is that all the requests to your web application are routed by ASP.NET route module.
To enable URL Rewrite for some URLs, we need to disable ASP.NET route for these URLs. For example, if you want to rewrite all the requests with "product/xxx" format to another site. You could add following code to RouteConfig.cs file.
routes.Ignore("product/{action}");
The problem in this specific case was the location of my web.config file.
It needs to be in the root directory of the application which, in my case, was not site\wwwroot. My code was being generated and copied into site\wwwroot\dist. Putting the config file in that directory fixed the problem.
Additionally, there are logs that can be enabled to get some insight as to what's going on: https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log
I have been trying to generate a SSL certificate for one of our projects which is running on an Azure VM which has no IP restrictions. However, the challenge file which is generated throws a 404 error and is not accessible over the web.
I have tried the following:
Moving the static content type above the extension less options in IIS
Adding a mime type for text/json, text/html
None of the above work which is making it really hard for me to generate a SSL using this service. Any idea how I can make it accessible ? I have given full access to that specific App Pool identity so permissions don't seem to be an issue in this case, its just the way the extension less files are being handled in IIS
Any help is appreciated.
Thanks,
Vishal
You just Add a New MIME Type on IIS
like this .
and try use the url at your browser . you will see that
Now you can Pass the lets-encrypt authentication :)
Also, if you're using a system with lots of custom routing or a framework that interferes with how URLs are handled (e.g. a CMS), ensure that you've told it to ignore /.well-known
We often use Umbraco for public-facing sites and I keep forgetting that I need to add ~/.well-known to the umbracoReservedUrls app setting in the web.config. Hopefully next time I'm stuck, I'll come across this answer...
Taking inspiration from the accepted answer, I did the following:
I was using plesk for windows on Godaddy.
Go to
Web server settings
In the MIME types, added the following node and click OK.
text/plain .
Note the dot at the end of the above setting.
I'm trying to set up my IIS server as an origin server for a CDN. I have solved some issues already for example that IIS doesn't give gziped content to proxies (if they have the via header) and also that frequentHitThreshold problem.
My CDN supplier pointed out that another problem with IIS is that it doesn't return a "Vary" header if the client doesn't request the content gziped. According to them the problem is that if for some reason the first client that request the content doesn't want the content gziped the CDN then doesn't request a new version of the file since the Vary header doesn't indicate that it should return two different files depending on "Accept-Encoding".
My only solution so far is to add "Vary: Accept-Encoding" as a custom header but since IIS automatically add this vary header when gziped is requested so i end up with multiple values like "Vary: Accept-Encoding, Accept-Encoding".
Anyone have any solution to this? Or can confirm that it's a real issue.
This is a real issue. IIS gzip module overwrites existing Vary headers. Please vote on this MS Connect issue. Related article here.
This issue is now addressed by an official patch to IIS. To download and further info, visit http://support.microsoft.com/kb/2877816
Erez Benari, IIS PM