IIS Failed request tracing - Trace Providers - iis

I'm working on an IIS 7.5 server and enabled the failed request tracing feature however when I attempt to setup the rules I only have an option to select ASPNET as a provider rather than the normal four providers (ASP, ASPNET, ISAPI Extension, WWW Server).
Does anyone know how to get the other providers to display?
FRT - Provider - image

For some reason it seems your traceProviderDefinitions got cleared or something. to fix that you can:
Make a backup of c:\Windows\System32\Inetsrv\Config\ApplicationHost.config just in case anything goes wrong with your XML editing.
Open c:\Windows\System32\Inetsrv\Config\ApplicationHost.config in notepad.
Look for: , in my machine I have the following:
<traceProviderDefinitions>
<add name="WWW Server" guid="{3a2a4e84-4c21-4981-ae10-3fda0d9b0f83}">
<areas>
<clear />
<add name="Authentication" value="2" />
<add name="Security" value="4" />
<add name="Filter" value="8" />
<add name="StaticFile" value="16" />
<add name="CGI" value="32" />
<add name="Compression" value="64" />
<add name="Cache" value="128" />
<add name="RequestNotifications" value="256" />
<add name="Module" value="512" />
<add name="Rewrite" value="1024" />
<add name="FastCGI" value="4096" />
<add name="WebSocket" value="16384" />
</areas>
</add>
<add name="ASP" guid="{06b94d9a-b15e-456e-a4ef-37c984a2cb4b}">
<areas>
<clear />
</areas>
</add>
<add name="ISAPI Extension" guid="{a1c2040e-8840-4c31-ba11-9871031a19ea}">
<areas>
<clear />
</areas>
</add>
<add name="ASPNET" guid="{AFF081FE-0247-4275-9C4E-021F3DC1DA35}">
<areas>
<add name="Infrastructure" value="1" />
<add name="Module" value="2" />
<add name="Page" value="4" />
<add name="AppServices" value="8" />
</areas>
</add>
</traceProviderDefinitions>

Related

Application Insights does not log successful requests for images and static files

None of the static files are being logged in Application
Insights, but I want them to be.
All routes through my application are being logged by Application
Insights.
The Static File requests are visible in the AppServiceLogs.
The App Server Http Host activity is being logged when viewed on the
Incoming Requests in Live metrics
How to change the AI config to include static files like images, ico, files?
<?xml version="1.0" encoding="utf-8"?>
<ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings">
<TelemetrySinks>
<Add Name="default">
<TelemetryProcessors>
<Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.QuickPulse.QuickPulseTelemetryProcessor, Microsoft.AI.PerfCounterCollector" />
<Add Type="Microsoft.ApplicationInsights.SnapshotCollector.SnapshotCollectorTelemetryProcessor, Microsoft.ApplicationInsights.SnapshotCollector">
<IsEnabled>true</IsEnabled>
<IsEnabledInDeveloperMode>false</IsEnabledInDeveloperMode>
<ThresholdForSnapshotting>1</ThresholdForSnapshotting>
<MaximumSnapshotsRequired>3</MaximumSnapshotsRequired>
<MaximumCollectionPlanSize>50</MaximumCollectionPlanSize>
<ProblemCounterResetInterval>24:00:00</ProblemCounterResetInterval>
<SnapshotsPerDayLimit>30</SnapshotsPerDayLimit>
<SnapshotInLowPriorityThread>true</SnapshotInLowPriorityThread>
</Add>
<Add Type="Microsoft.ApplicationInsights.Extensibility.AutocollectedMetricsExtractor, Microsoft.ApplicationInsights" />
<Add Type="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.AdaptiveSamplingTelemetryProcessor, Microsoft.AI.ServerTelemetryChannel">
<MaxTelemetryItemsPerSecond>5</MaxTelemetryItemsPerSecond>
<ExcludedTypes>Event</ExcludedTypes>
</Add>
<Add Type="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.AdaptiveSamplingTelemetryProcessor, Microsoft.AI.ServerTelemetryChannel">
<MaxTelemetryItemsPerSecond>5</MaxTelemetryItemsPerSecond>
<IncludedTypes>Event</IncludedTypes>
</Add>
</TelemetryProcessors>
<TelemetryChannel Type="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.ServerTelemetryChannel, Microsoft.AI.ServerTelemetryChannel" />
</Add>
</TelemetrySinks>
<TelemetryInitializers>
<Add Type="Microsoft.ApplicationInsights.DependencyCollector.HttpDependenciesParsingTelemetryInitializer, Microsoft.AI.DependencyCollector" />
<Add Type="Microsoft.ApplicationInsights.WindowsServer.AzureRoleEnvironmentTelemetryInitializer, Microsoft.AI.WindowsServer" />
<Add Type="Microsoft.ApplicationInsights.WindowsServer.BuildInfoConfigComponentVersionTelemetryInitializer, Microsoft.AI.WindowsServer" />
<Add Type="Microsoft.ApplicationInsights.Web.WebTestTelemetryInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.SyntheticUserAgentTelemetryInitializer, Microsoft.AI.Web">
<Filters>search|spider|crawl|Bot|Monitor|AlwaysOn</Filters>
</Add>
<Add Type="Microsoft.ApplicationInsights.Web.ClientIpHeaderTelemetryInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.AzureAppServiceRoleNameFromHostNameHeaderInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.OperationNameTelemetryInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.OperationCorrelationTelemetryInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.UserTelemetryInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.AuthenticatedUserIdTelemetryInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.AccountIdTelemetryInitializer, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.SessionTelemetryInitializer, Microsoft.AI.Web" />
</TelemetryInitializers>
<TelemetryModules>
<Add Type="Microsoft.ApplicationInsights.DependencyCollector.DependencyTrackingTelemetryModule, Microsoft.AI.DependencyCollector">
<ExcludeComponentCorrelationHttpHeadersOnDomains>
<Add>core.windows.net</Add>
<Add>core.chinacloudapi.cn</Add>
<Add>core.cloudapi.de</Add>
<Add>core.usgovcloudapi.net</Add>
</ExcludeComponentCorrelationHttpHeadersOnDomains>
<IncludeDiagnosticSourceActivities>
<Add>Microsoft.Azure.EventHubs</Add>
<Add>Microsoft.Azure.ServiceBus</Add>
</IncludeDiagnosticSourceActivities>
</Add>
<Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.PerformanceCollectorModule, Microsoft.AI.PerfCounterCollector">
</Add>
<Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.QuickPulse.QuickPulseTelemetryModule, Microsoft.AI.PerfCounterCollector" />
<Add Type="Microsoft.ApplicationInsights.WindowsServer.AppServicesHeartbeatTelemetryModule, Microsoft.AI.WindowsServer" />
<Add Type="Microsoft.ApplicationInsights.WindowsServer.AzureInstanceMetadataTelemetryModule, Microsoft.AI.WindowsServer"></Add>
<Add Type="Microsoft.ApplicationInsights.WindowsServer.DeveloperModeWithDebuggerAttachedTelemetryModule, Microsoft.AI.WindowsServer" />
<Add Type="Microsoft.ApplicationInsights.WindowsServer.UnhandledExceptionTelemetryModule, Microsoft.AI.WindowsServer" />
<Add Type="Microsoft.ApplicationInsights.WindowsServer.UnobservedExceptionTelemetryModule, Microsoft.AI.WindowsServer"></Add>
<Add Type="Microsoft.ApplicationInsights.Web.RequestTrackingTelemetryModule, Microsoft.AI.Web">
<Handlers>
<Add>Microsoft.VisualStudio.Web.PageInspector.Runtime.Tracing.RequestDataHttpHandler</Add>
<Add>System.Web.StaticFileHandler</Add>
<Add>System.Web.Handlers.AssemblyResourceLoader</Add>
<Add>System.Web.Optimization.BundleHandler</Add>
<Add>System.Web.Script.Services.ScriptHandlerFactory</Add>
<Add>System.Web.Handlers.TraceHandler</Add>
<Add>System.Web.Services.Discovery.DiscoveryRequestHandler</Add>
<Add>System.Web.HttpDebugHandler</Add>
</Handlers>
</Add>
<Add Type="Microsoft.ApplicationInsights.Web.ExceptionTrackingTelemetryModule, Microsoft.AI.Web" />
<Add Type="Microsoft.ApplicationInsights.Web.AspNetDiagnosticTelemetryModule, Microsoft.AI.Web" />
</TelemetryModules>
<ApplicationIdProvider Type="Microsoft.ApplicationInsights.Extensibility.Implementation.ApplicationId.ApplicationInsightsApplicationIdProvider, Microsoft.ApplicationInsights" />
</ApplicationInsights>
To include static files and 'all requests' in the Application Insights telemetry, add the following to web.config
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
To see the requests in AppInsights Telemetry logs run this query:
requests
| where client_Type != "Browser"
| where operation_Name == "GET {INSERT STATIC FILE PATH HERE}"

CORS Error on MS Edge

We have a running website which makes XHR to another Domains php-service. Currently we are moving this service to a new server. While we did allow CORS and used quite the same settings the request works on the old Server but does not on the new one.
Talking about "quite the same" cause obviously something is wrong, but we couldn't find a difference. IpSecurity allows all Ips, Auth. accepts anomymous, etc.
Old Server: Windows Server 2012; IIS 6.2
New Server: Windows Server 2008R2; IIS 6.1
Web.config:
<configuration>
<system.webServer>
<defaultDocument enabled="true">
<files>
<clear />
<add value="index.aspx" />
<add value="index.asp" />
<add value="index.htm" />
<add value="index.html" />
<add value="home.aspx" />
<add value="home.asp" />
<add value="home.htm" />
<add value="home.html" />
<add value="default.aspx" />
<add value="default.asp" />
<add value="default.htm" />
<add value="default.html" />
</files>
</defaultDocument>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Headers" value="origin, content-type, accept" />
<add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" />
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<urlCompression doDynamicCompression="true" />
</system.webServer>
</configuration>
Error: SCRIPT7002: XMLHttpRequest: Networkerror 0x80070005, Access denied.
Has anyone an idea why Edge won't get access to the new server?
Thanks for any ideas.
EDIT: To further clarify: It does work on Chrome, Firefox and IE 11

Having issues with Azure and SVG

We are having intermittent issues with SVG rendering after moving our website to Azure Web Sites.
All our svgs appears to load correctly the first time and then on refresh it returns a blank document which then makes chrome give you a error on line 1 at column 1: Encoding error error. If you view source all it shows random characters being returned by the server for example !$. Firefox returns XML Parsing Error: not well-formed
Hard refreshing doesn't work, but leaving it a while will make it work for one time again before it does the same thing again.
I've added in the web.config
<staticContent>
<remove fileExtension=".svg" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
</staticContent>
As suggested by other posts, but no luck.
I fixed this by setting doStaticCompression="false"
<urlCompression doStaticCompression="false" doDynamicCompression="true" />
The above fixed my issue no other settings, but for the sake of completeness, here is the rest of my settings.
I also have
<staticContent>
<remove fileExtension=".svg" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
</staticContent>
And
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<staticTypes>
<remove mimeType="*/*" />
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="image/svg+xml" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/javascript; charset=utf-8" enabled="true" />
<add mimeType="application/octet-stream" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
<dynamicTypes>
<remove mimeType="*/*" />
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="image/svg+xml" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/javascript; charset=utf-8" enabled="true" />
<add mimeType="application/octet-stream" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
</httpCompression>

How to protect against shell injection and blind timing on Windows IIS using web.config?

I used Vega scanner to test my web application and it found some Shell Injection vulnerabilities that can be found by entering commands like these:
GET /http:/mywebsite.com/?s="%20%3B%20/bin/sleep%2031%20%3B
GET /http:/mywebsite.com/http:/http:/mywebsite.com/?s="%20%3B%20/bin/sleep%2031%20%3B
I'm running Windows Server with IIS and PHP. A portion of my web.config file is here:
<requestFiltering>
<denyUrlSequences>
<add sequence="module" />
<add sequence="engine" />
<add sequence="tpl(\.php" />
<add sequence="profile" />
<add sequence="Root" />
<add sequence="Tag" />
<add sequence="Template" />
<add sequence="Repository" />
<add sequence="code-style" />
<add sequence="GET /?p=/./" />
<add sequence="/?p=/./" />
<add sequence="/?" />
<add sequence="/?p=/./ HTTP/1.1" />
<add sequence="/bin/sleep" />
<add sequence="sleep" />
<add sequence="bin" />
<add sequence="{" />
<add sequence="}" />
<add sequence=";" />
<add sequence="|" />
<add sequence="~" />
</denyUrlSequences>
</requestFiltering>
What I'm trying to do is block these types of queries from being used by using the web.config file. What I have above should be blocking the malicious queries, but it appears to not be working even after updating the web.config and rescanning. Could anyone give me advice on how to proceed please? Thank you very much!
try using denyQueryStringSequences since in this case the payload based on your example is coming on the Query not on the segments, for example (and adding the segment as well just incase)
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin" />
<add segment="bin" />
</hiddenSegments>
<denyQueryStringSequences>
<add sequence="/bin" />
</denyQueryStringSequences>
</requestFiltering>
</security>
</system.webServer>

elmah.axd not found on IIS 8.0

Ok..I know this is asked many times and I looked bunch of questions and answers about this and nothing worked for me and I am getting crazy. I am trying to put elmah to my asp.net mvc 5 application and I can't get it to work. I keep getting not found error.
My config for elmah is:
<appSettings>
<add key="elmah.mvc.disableHandler" value="false" />
<add key="elmah.mvc.disableHandleErrorFilter" value="false" />
<add key="elmah.mvc.requiresAuthentication" value="false" />
<add key="elmah.mvc.IgnoreDefaultRoute" value="false" />
<add key="elmah.mvc.allowedRoles" value="*" />
<add key="elmah.mvc.allowedUsers" value="*" />
<add key="elmah.mvc.route" value="elmah" />
</appSettings>
<sectionGroup name="elmah">
<section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" />
<section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" />
<section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" />
<section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" />
</sectionGroup>
<system.web>
<customErrors mode="On"></customErrors>
<httpModules>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
</httpModules>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="Elmah" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</handlers>
<modules>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
<!--<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />-->
</modules>
</system.webServer>
<elmah>
<security allowRemoteAccess="1" />
<errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data/elmah" />
</elmah>
and yes i have ignored .axd in my rout config..
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
What am I missing ??
You need to create a MIME type for that extension in IIS:
To define a MIME type for a specific extension, follow these steps:
Open the IIS Microsoft Management Console (MMC), right-click the local computer name, and then click Properties.
Click HTTP Headers.
Click MIME Types.
Click New.
In the Extension box, type the file name extension that you want (for example, .axed)
In the MIME Type box, type application/octet-stream.
Apply the new settings. Note that you must restart the World Wide Web Publishing Service or wait for the worker process to recycle for the changes to take effect. In this example, IIS now serves files with the .axed extension.

Resources