I've been trying to understand the issues https://github.com/JimBobSquarePants/ImageProcessor/issues/161 and https://github.com/JimBobSquarePants/ImageProcessor/issues/178 discusses here.
I have an environment where i have my regular site on http://example.com and i have a separate site for imageprocessor served from http://d.example.com.
Then i have the Azure blob cache setup like this.
<setting key="CachedStorageAccount" value="DefaultEndpointsProtocol=https;AccountName=***********;AccountKey=************" />
<setting key="CachedBlobContainer" value="imgcache" />
<setting key="UseCachedContainerInUrl" value="false" />
<setting key="CachedCDNRoot" value="https://imgcdn.azureedge.net/" />
<setting key="SourceStorageAccount" value="DefaultEndpointsProtocol=https;AccountName=**********;AccountKey=***************" />
<setting key="SourceBlobContainer" value="dist" />
<setting key="StreamCachedImage" value="false" />
It seems to work fine but i'm not sure about what is my optimal setting for the "StreamCachedImage" option.
I did some tests locally and with StreamCachedImage set to false it do a redirect to the CDN and i get a 302 and then a 200 from the CDN, and chrome says it cached so just a few bytes is transferred.
First:
Second:
When i switch to StreamCachedImage true i do not get a redirect and only get a 200 but it seems like it always returns the full image to the client.
I should also add that on top of this we also run Cloudflare against both example.com and d.example.com
But well, i basically would like to get some advice on how to set this up and to understand it fully.
Related
My web site is written by ASP.NET MVC 4 and hosted on IIS 6.2.
I need to add custom headers(X-Frame-Options,X-XSS-Protection etc.) to web config in main application.
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="X-XSS-Protection" value="1" />
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
After I did it, my sub apllications getting http 500 error.I have no idea why this happening.
I already tried option.Also tried remove every customheaders from response headers in IIS, also tried add manually in response headers.
Can you give me an advice to fix this issue?
Try adding the header at the Server level by using "HTTP Response Header" applet.
I think you are adding headers in the "Default Web Site" now. Default Site the header starting with "X-" will give error. I had faced this issue.
You can also try adding it in each App or virtual directory under "Default Web Site".
We are using the request filtering for file extensions in our web.config like so:
<fileExtensions allowUnlisted="false">
<add fileExtension="." allowed="true" />
<add fileExtension=".aspx" allowed="true" />
<add fileExtension=".ashx" allowed="true" />
<add fileExtension=".asmx" allowed="true" />
<add fileExtension=".axd" allowed="true" />
<add fileExtension=".html" allowed="true" />
<add fileExtension=".htm" allowed="true" />
However we have run into a problem. When we go to a url with a directory with a dot in it, for example "https://localhost/myamazing.folder" it will return a "HTTP Error 404.7 - Not Found" since it now thinks that its an extension that's not allowed.
When allowUnlisted is set to true, or without any filtering, iis will perform a courtesy redirect because its a folder. Is there anyway to keep this redirect behavior intact while still filtering extensions?
This is iis default security setting if you want to allow the unspecified extension you need to enable it by using
another way is set allow file name extension and then set allow URL by following below step:
In the "URL" tab allow the list of URLs->add the URL which you only want to allow.
that's how it will redirect URL /myamazing.folder to /myamazing.folder/
if you are using asp.net mvc site you can refer to below link:
Dots in URL causes 404 with ASP.NET mvc and IIS
We have a Asp.NET web api that handles requests from Android and iOS apps. We started to experience issues with GET requests that contained query strings. A URL like this: http://localhost:10723/api/Locations?userId=32432-a4r2-f32r3 gave this response:
A potentially dangerous Request.Path value was detected from the client (?)
After some debugging I saw that the querystring had been encoded, so the actual request was http://localhost:10723/api/Locations%3FuserId=32432-a4r2-f32r3, and that caused the issue. I can make changes to the apps that will fix this, but since this a app that is in production right now, I am desperately looking for a quick fix in the API that will allow the apps to work now.
What I have tried so far:
<httpRuntime targetFramework="4.5.1" requestValidationMode="2.0" />
<pages validateRequest="false" />
And related httpRuntime web.config tricks.
I have also written a custom request validator.
But everything is telling me that this is something that happens before the pagevalidation and my request validator is hit.
I was able to solve this by adding a rewrite rule for url on the server:
<system.webServer>
<rewrite>
<rules>
<rule name="Allowing querystrings.">
<match url="^(.*)\?(.*)$" />
<conditions logicalGrouping="MatchAny" />
<action type="Rewrite" url="{R:1}?{R:2}" />
</rule>
</rules>
</rewrite>
</system.webServer>
I do realise that his question was asked and answered, but unfortunately the solution of complete clean, rebuild, restart.. doesn't work in my case and my lowly reputation doesn't allow me to comment. So I am I think compelled to ask it again with my info.
Sample code:
CloudStorageAccount storageAccount;
string settings = CloudConfigurationManager.GetSetting("StorageConnectionString");
storageAccount = CloudStorageAccount.Parse(settings);
I have my web.config section like this:
<appSettings>
<add key="owin:AppStartup" value="zzzz" />
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="StorageConnectionString" value="DefaultEndpointsProtocol=https;AccountName=xxxx;AccountKey=yyyy"/>
</appSettings>
In the ServiceConfiguration.Cloud.cscfg I have:
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName=nnnn" />
<Setting name="StorageConnectionString" value="DefaultEndpointsProtocol=https;AccountName=xxxx;AccountKey=yyyy"/>
</ConfigurationSettings>
and in the ServiceConfiguration.Local.cscfg I have:
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
<Setting name="StorageConnectionString" value="UseDevelopmentStorage=true" />
</ConfigurationSettings>
I converted this to an Azure project from a standard MVC web project in order to use the Azure storage blobs etc. I am finding that no matter what I seem to do it always uses the Azure storage.
As I step through the code snippet above.. I can clearly see the returned connection string as the one coming from the web.config app setting... I feel I must be doing something fundamentally wrong or missing something..?
A small point (maybe?) as I converted the project over, there was an error message (on a pop up and not saveable) about a connection string error and it not working. I hadn't even created this particular connection string at that time and the only other one (for localDB does work). That however is in the web.config section and as it ain't broke I didn't fix it to go into the ..
Any help would be appreciated.
Further Addition, from the comments by Igorek below, I did check the Role settings and they appear to be correct.
Then .. after a lot of messing around, some experiments which still didn't work, I've taken a step back. I actually don't want a cloud service, I ended up with one because I thought I needed one to access Blobs and Queues, I had already decided that WebJobs seems like the way to go first to keep as abstracted as possible.
So I have rolled back to prior to the Web SITE that I had before and found but I still CAN'T seem to get it to use development storage.. although I imagine that CLoudConfigurationManager probably doesn't handle Web Sites? Any tips?
Check into settings of your Role within the cloud project. It will have a default for which configuration it starts with. Simply swap from Cloud to Local.
I have created an MVC Web Api for some university coursework, that works as expected on my development machine (Running VS11).
However when I deploy the application to the webserver on 123reg HttpVerbs other than GET and POST appear to not reach my application at all, initially a 401 Not Authorised response was returned; however after turning off the "WebDAV" module as suggested here these 401s became 405 Method not allowed. In this case I only disabled the handlers as disabling both the handlers and the module meant that my application did not start at all (Error 500 without a stacktrace [custom errors are off]).
I am planning to utilise the forms membership provider to add authentication capabilities to my API, however I removed any [Authorise] attributes from my code when 401s began appearing.
Applications on 123Reg's shared hosting are run under Medium trust.
I have been in contact with 123Reg support, and they have been semi helpful, but have since decided that they cannot help me further (They suggested adding HttpHandlers as detailed below) (Apparently, I should consult a web designer...)
Things I have tried:
I have added [AllowAnonymous] Attributes to my controllers and/or actions with no effect.
I have added the authorization web.config attribute allowing all verbs and paths to all users both authenticated and not:
<authorization>
<allow users="*" />
<allow users="?" />
<allow verbs="*" users="*" />
<allow verbs="*" users="?" />
</authorization>
I have added (As suggested by 123Reg):
<system.webServer>
<handlers>
<remove name="WebDAV" />
<add name="PUTVerbHandler" path="*" verb="PUT" modules="ProtocolSupportModule" resourceType="Unspecified" />
<add name="DELETEVerbHandler" path="*" verb="DELETE" modules="ProtocolSupportModule" resourceType="Unspecified" />
</handlers>
</system.webServer>
This appeared to be a step forward, as we now receive 405 responses rather then 401 respones, however I am now unable to make any further progress. Additionally I have also added:
<httpHandlers>
<add verb="*" path="*" type="System.Web.Mvc.MvcHttpHandler"/>
</httpHandlers>
This also made no difference.
Any help you can give would be much appreciated (I dont really want to have to move host for this application!)
This post solved my problem. I did all the regular things: added all the necessary <handlers> entries, disabled WebDAV, but I still had 401.3 Unauthorized.
Enabling forms authentication solved the problem:
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms" />
</system.web>
I found this: http://forums.iis.net/t/1163441.aspx
From the looks of that forum post, you need to completely uninstall WebDAV for the PUT and DELETE Verbs to work. This is not going to help on a shared webhosting scenario unfortunately.
For me it was something different.
I had to go to the site folder, open the security tab for the folder, press Edit button to change group or user names permissions, find the site from my IIS 8 sites and give it a full control permission.