My Elmah logs are showing hundreds of requests for files (mainly images) that used to reside in a particular folder of my site.
What is the best way to deal with this?
I know that I can add filters to Elmah but is there any way I can stop these requests being logged at IIS level?
Related
I am trying to view the site properties so I can look at my extension mappings in an asp.net core app. I am trying to better understand asp.net at a more intricate or low level. I am learning about ISAPI and how it is the initial code point for an asp.net request.
Anyway when I right click on my site in IIS I do not see the properties tab. I am sure that this is related to the version of IIS that I am using, so my question is, how can I view the site properties? Or how can I get to the extension mappings?
iis 5 and 6 has a feature to see the site properties. after iis 7 there is no option like site properties. you can check iis site advance setting by following the below steps:
1)open iis manager
2)right-click on your site.
3)select manage website ->advance setting
Edit:
Request Filtering which is used to restrict the types of HTTP requests that IIS processes. By blocking specific HTTP requests, request filters help prevent potentially harmful requests from reaching the server. The request filter module scans incoming requests and rejects requests that are unwanted based upon the rules that you set up. and ISAPI Filter always runs on an IIS server, filtering every request until they find one they need to process. The ability to examine and modify both incoming and outgoing streams of data makes ISAPI filters powerful and flexible. you could refer to the below link for more detail on how to configure it in iis:
https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524610(v=vs.90)
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/
https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525937(v=vs.90)
I'm wondering if my website need to be hosted on a different server for load balancing purposes as picture below:
I'm thinking of installing 3 Kentico Project into each server. Then, export and import the site into each Kentico Project and link with the same database connection string.
But what if one of the webparts (.ascx) gets updated? Is that mean I will need to update all 3 Kentico Project. What if other files like js, css, or media?
Is there a proper way to host on different servers but yet can manage the content as one of the Kentico Project get update?
What you are describing is the exact purpose of Kentico's Web farm feature where you can have multiple servers (web farms) connected to a single database. The main purpose of web farms is to ensure that cache and files (not code files, but media files such as the ones uploaded by you as attachments, media library, meta files...) are synchronized across all servers.
Each server in your scenario has its own memory and if you change an object, you want all other servers to reflect the change because otherwise some visitors might end up seeing "old" data, while others wouldn't.
You are also correct in assumption that all code files (ascx, cs, aspx...) will need to be uploaded to all servers. Best way to approach this is to have a tool such as Team city which is able to deploy your changes to multiple servers simultaneously.
With js, css, html, images... it depends where you store them. If you store them in database (not usually the best thing to do) you don't need to update them on particular servers, but if you store them on file system, you might need to. There are many variables here, but some deployment tool will probably be the best bet.
One note here. Try not to install Kentico directly on each of those server and use Export and Import to setup the site. Simply make a copy of the website physically files from your DEV server and paste into each of those server. Then connect them all to the same database.
Why not use the Export and Import? 1. You will get different hast salt string in the web.config which you will get Macro security error, which you will have to replace with the same key. 2. You may miss objects during export and import. 3. The export and import are mostly for the objects stored in the data base, and for the web farm setup, they share the same database, so there is no point of doing that.
You can easily achieve this move to windows Azure from on-premises.
--Can deploy your website/ web project as Cloud service/App service.
--Kentico Azure supports both development and deployment solution
--Built-in scalability
For more details refer below links
Hosting options: https://docs.kentico.com/k10/running-kentico-on-microsoft-azure/microsoft-azure-web-hosting-options
https://devnet.kentico.com/articles/deploying-kentico-to-microsoft-azure-know-your-web-hosting-options
I have two websites running on one server in IIS7.5 and would like to find a way to compare the settings each one has. (I see the question has already been asked for IIS6.)
I want to do this so I can see why one website is handling HTTP 404 errors differently to the other. I am sure I've set all the options in IIS to be the same on each site. I've checked the web.config files have the same values in the <httpErrors> and <customErrors> nodes. I cannot see anything in applicationHost.config either.
Thanks.
Doh! After going back into IIS and comparing the two websites again, I realised I had ASP errors set to "Custom" (instead of "Detailed") on the site that was the problem. The ASP.NET error settings matched, but not the ASP ones. The page that handled 404s was a classic ASP page copied from another site to save time.
I'm still interested to hear whether web.config and applicationHost.config are the only places where website-specific settings are stored?
I'm relatively new to dotnetnuke and am trying to set up a simple site which will have multiple user groups with their own set of files and then another user that has access to all files.
I'm currently playing with doing this with the "documents" module and hiding the module from all but the everything user and the specific company user. This works fine but the security seems to be just security by obscurity.
If I log in as User A and get access to file A and copy its url. I then log out and log in as user B who can't see that file. If I then put the file url into the browser it seems to download fine.
Can anybody tell me if I am doign something wrong or is there no actual user based security on file downloads? I've tried goign to the actual file manager and making the directories explicitly not viewable to user B (they are secure directories too) but still it persists. Am I missing a permissions option at the file level somewhere or is the security designed to just prevent you finding the right links to the files? I'll admit the links aren't guessable (no sequential ids in the url or anything silly like that) but I'm still a little uncomfortable with the security working like this...
DNN FileManager Module
Hi Chris,
Please check out the FileManager module per above link. You are correct that the current FileManager module does not allow access per user roles. You might check Snowcovered for possible substitutes?
It seems that I was doing something wrong. I was referencing a different version of the file which didn't have any permissions attached to it. It seems also that I don't need to have multiple documents modules since if a file doesn't have read permission it will just be hidden in the list.
So to summarise the DNN Documents module will do role based security to prevent unauthorised users from downloading the file and from seeing it in the documents view.
Documents module provides security for LinkClick.aspx urls that are routed to ASP.NET.
If the actual files reside in the file system under the site's root folder, direct urls to these files are served and secured by IIS.
To prevent unauthorized access to direct urls you can disable anonymous authentication and set up Basic authentication with NTFS permissions, for example.
If don't want to touch IIS and administer Windows accounts, you can't store the files directly under any publicly available IIS folder. Security at the ASP.NET application-level is implemented using file encryption or storing the files outside the public IIS folders, like in the database. DNN File Manager offers both of these options: secure folders in the file system and secure folders in the database.
There are also 3rd party modules to manage file security and sharing, like NukeTransfer.
I am using WSS 3.0 in a hosted/shared (read: can make no server-side changes) environment. Unfortunately, between SP and IIS, almost nothing is getting cached, so page loads can be terribly slow.
We have a bunch of custom image, JS, CSS, etc files that are currently just in a /img, /js, and /css directories, all of which are grabbed each and every time the page loads (server is returning "Cache-Control private,max-age=0").
Since I can't do anything with IIS, and can't enable any caching server-side on SP, do I have any other options? I've read in a few places that if your files are located in the layouts directory that they will be cached, but using SP Designer I don't seem to have access to the /___layouts directory, unless I'm missing something....
Thoughts?? Thank you!
Since you are running in a hosted/shared environment I would work directly with the ISP on this one. There are many ways to cache things and the ISP could very well prevent you from doing most of them.
Ask them the following questions...
Have you set output caching on the Page Layouts directory for anon and or authenticated profiles, or at the Site level or at the Site Collection level (overview on how to here)? If not, can you?
Do you have IIS set to compress static files (its not caching, but, will help)?
How much RAM is available to me in this shared environment?
If you have enough RAM, look into caching your custom web parts.
You could also host your custom images, css, javascript etc on a 3rd party CDN (Akami, Amazon Web Services), that doesn't help with your theme and core js/css files.
_layouts is the "repository" for application pages, i.e. pages deployed by sharepoint for performing maintenance etc. through the web UI. It is very well possilbe you don't have access to that folder, it will also not show up in SharePoint designer. You have a couple of options:
If you have a Publishing site, you can enable caching through the site settings.
What you could also do is add the #OutputCache directive to a page you create through SharePoint Designer (Outputcache on MSDN
deploy your site through a solution, which does allow deploying in the _layouts folder