Configuration :: Ock Down A Web Server That Is Only Serving MVC Content?
Apr 17, 2010I would like to lock down a web server that is only serving MVC content. What is the best way minimize my server's attack surface?
View 2 RepliesI would like to lock down a web server that is only serving MVC content. What is the best way minimize my server's attack surface?
View 2 Repliesgot a Asset Management tool which stores (in a folder("node")) an index.htm and a bunch of other asset files such as .js, .css, flv, etcHere's the problem...if I access the index.htm I get ti via it's nodeID http://site/NODEGUID/index.htm , and all compound files try and download via that GUID as well so essientially I just get index.htm content served into each request file, thus giving me an epic fail :)Is there some way in asp.net to intercept that request so I can do a lookup on the DAM and get the proper file reference and send that down instead?
View 3 RepliesI have a domain which is receiving quite a few hits per day and have been asked if I can serve the static content from a subdomain. As the site is quite extensive and already written, I was wondering if there is any way I can use URL rewriting to change:
www.example.com/image.gif
to
static.example.com/image.gif
I have a solution which works using 301 redirects but from what I understand, this is counter productive as 2 requests will have to be made per image. I don't really want to go through all the aspx pages and css to hard code the new url as it will cause problems further down the line - some parts of the site are still being developed and static content could change at any time. I tried using rewrite (as opposed to redirect) to change the url but it came out something like:
http://www.example.com/http://static.example.com/image.gif
How would you achieve this? I have full access to dns and the server (win 2008r2 / IIS 7.5) so can make any changes if url rewriting is not the answer.
I'm busy writing a handler to serve various documents for download or presentation in web forms pages. The documents range from various image formats, to PDF, to MS Office documents, to generic binaries. My basic draft of the download process is as below:
[code]....
However, I have some misgivings about lumping all documents together as application/octet-stream, and I would prefer, if feasible, to use a more specific content type per document type. I have a DB table for document types where I could store this. Am I going in the right direction, and if so, where can I find a suitable starting list of content types for document types?
I have a project that will be assigned to me soon whereby I need to develop a survey which needs to support 40,000 users approximately. Now we are thinking of doing a staged approach so not all users are on the server at any one point of time. Probably splitting it so we can serve at least a few thousand of users...
I dont have much experience of how I can ensure to serve those levels of users on a server and how to manage this so I am after some advice?
From my understanding I need to do some stress testing on a server and obviously I need some figures i.e. average size of request, average size of response and content of response.
- Do I have to build the database and add records in to see what size is a typical survey row?
- Do I have to build the survey in .NET i.e. by adding controls etc and seeing what size is the page?
- The survey shouldnt be too instensive processing wise, it will be adding information into a backend sql database...
I'm trying to server an exe to Firefox from an aspx page. The aspx page handles the headers and the page is launched by our Flex GUI. Flex correctly launches the link for all browsers (including Firefox) so I'm certain that's not the issue.
The problem I'm having is when I try to download the file from within Firefox, FF downloads the file fine but it names it "Content". It has no extension and the file name is incorrect. All the other browsers download it with the file name I specified in the aspx page and they all have the .exe extension. I should note that if I rename the "Content" file to "Content.exe" it runs correctly.Below is the code I'm using in my aspx page -
protected void Page_Load(object sender, EventArgs e) {
string fileName = Request.QueryString["file"];
System.IO.FileInfo fileInfo = new System.IO.FileInfo(Server.MapPath(fileName));
[code]...
I have hosted a site on server. Problem is, content of a particular .aspx file (index.aspx/content.aspx) is periodically replaced by clinet side HTML code(the source we see in browser by right click>view source). What can be reason behind this?
View 2 RepliesI bought a website a few years ago, hosted with WebHost4Life,. Since their migration their has been nothing but problems with my site, however, I am stuck because I don't have the knowledge to move it, have tried with no success. Anyway, recently I have been getting parser error messages, Webhost fixed them, and then it starts over again. It takes them weeks to get around to it and since its my livelihood, I can't afford for the site to be down for 5 days then running for one day. I've tried to contact the guy that built the site to no avail, he won't answer my emails.
why these parser errors keep happening. This is a recent thing from the past 2 months, never had this before. What can I do to stop it. it looks like the knowledge here is unreal, I'm in awe everytime I read your answers. BTW, heres my lastest parser error:
Parser Error Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately. Parser Error Message: Only Content controls are allowed directly in a content page that contains Content controls. Source Error:
[Code]....
I want to bind data from SQL server to a dropdownlist. I have found out how to bind the content very simple: I have an array named mat, which I fill with data from this db-call: vb Code:
mat = GetData(clsDbInfo1.GetMaterialer(Session("language"), Session("sId")).Tables(0), Session("language"))
and then I bind the data to the droplist here:
vb Code:
For Each itemMat In mat lstMat.Items.Add(itemMat) Next
But here is my question: How do I bind value content to the dropdownlist just like:
vb Code:
Dim lst0 As New ListItem("Test0", 0) lstMat.Items.Add(lst0)Dim lst1 As New ListItem("Test1", 1) lstMat.Items.Add(lst1)
How do I do that? I have an array including the value content named matId, I want to add the content in the For-Each loop, is that possible??
We have a large site with thousands of static html files. Some of them are ISO-8859-1, others are UTF-8 (with and without byte order marks).
The web.config file looks like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<globalization requestEncoding="utf-8" responseEncoding="utf-8" fileEncoding="utf-8" />
</system.web>
</configuration>
If I change the fileEncoding to "ISO-8859-1" it works for both ISO-8859-1 and UTF-8 if there is a byte order mark. We are trying to avoid manually checking and adding byte order marks to files that do not have them. Is there any way to accomplish this?
The files have the charset meta tag. Can we make the server read that to determine the file encoding?
EDIT
If I remove the wildcard application mapping to aspnet_isapi.dll the files are served correctly. Is there any way to have the wildcard match everything except for .html?
I'm trying to serve a pdf file from a database in ASP.NET using an Http Handler, but every time I go to the page I get an error
XML Parsing Error: no element found
Location: https://ucc489/rc/NoteFileHandler.ashx?noteId=1,msdsId=3
Line Number 1, Column 1:
public class NoteFileHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
[code]...
I am hosting the ASP.Net runtime in my exe but I find that if I try to access htm or xml files from the browser, it gives a 404.
I can access aspx, asmx and other asp.net related files just fine.
Is there any configuration that I need to do to server other file extensions and if so, what?
I am working on a web application where images has to be scaled dynamically and served to the client as fast as possible (with low overhead). I need to create something that scales and compresses high-quality PNGs to medium quality JPEGs.Now, there are multiple ways of doing this and I am slightly confused which method provides the best solution for the application to be as fast as possible - and I was hoping you guys could guide me in the right direction.This application will run on the .NET 3.5-platform and I am looking for fresh ways of doing this. Googling has given me some clues but most of the articles I found were VERY old (2000-2005 or so).The client app is written in ASP.NET MVC, while the backend app is written in Web Forms. The images are located in a directory in the Web Forms application, but I guess that dosen't say the image handler must be written in Web forms.
View 3 RepliesIf I host video or any other media content on Amazon S3, how can I use ASP.net Membership to enforce access rights?
View 1 RepliesI'm using this Ajax script [URL] to load content from an aspx page on another server than the page calling the content. So far I've learned that this is a no go. The problem seems to be that when using an absolute link to content the script fails as apposed to using a relative link.
I've searched the web for about 10 hours now, and I still haven't found what I'm looking for.
I am creating a website in Visual Studio 2010 for ASP.NET 4.0 written in C#.
I have a Global.asax file with a method to force specific pages or directories to use https. Then in the web.config file, I define which pages and directories should use https.
The problem I am running into is content not coming over as https even though the URL is https, so IE gives a security warning. We do have a valid cert on the domain. The security warning pop up says, "Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage." If users choose Yes, then parts of the applications do not work.
Is there a way that I can force the content (images, JavaScript files included in the page, etc) to come over as https? All the files are on the web server, so I am not trying to include outside resources (like not displaying a video or image from another site, it is all on my site's web server). I want to avoid absolute URLs in my code because some of the applications are complex and I cannot find all the places where resources are being called.
I am creating a small testharness which will create load on the website with multiple threads. All I doing is
[Code]....
But this keeps timing out after few request. I have looked into the IIS worker process requests and I can see the requests being in there in the state of sendresponce. If I request the same url from my browser the reponce is there. Am I doing something wrong here?
I am new to IIS and asp and i am having a problem. I am creating a asp.net website in physical folder wwwrootSharePage and virtual directory SharePage When i visit the site on local host or using my ip address or through dyndns proxy on my own computer , the page is served fine, But when any one else from any other computer access my website it takes a long time in loading and finally his browser throws an error (may be page not found error,not sure, see for yourself). I have even changed Authentication mode to none and tried with firewalls closed , still page is not served.
You can have a look here
[URL]
(hosted on my home computer so can be unavailable at times when i have switched off my computer)
or try with my ip address
updated http://117.205.103.192/SharePage/ (can change ,i have a dynamic ip address)
Info:
IIS version 7.5
OS : Windows 7
.Net 4 (even in IIS)
The app_offline.htm file that ASP.NET serves returns the http status 503. This is the correct behavior for most situations. However, in the scenario where a specific URL is requested (e.g. [URL]), I'd like to change the returned http status to 200, while still returning http status 503 in all other situations. Is this possible?
The reason why I want to do this is whenever we do scheduled maintenance on our website, we use the app_offline.htm file, but we don't want our uptime monitoring service [URL] to report downtime during our scheduled maintenance.
I assume this would have to be at the IIS level because the app_offline.htm gets served very early on in the request processing cycle.
I'm pulling back an image that is stored in a column in a SQL server database.I need to serve this up on an aspx page.
View 4 RepliesCurrently in my webpage i load images to the ListView object as follows...
<ContentTemplate>
<asp:ListView ID="ListView1" runat="server">
<layouttemplate>
[code]...
My WebApp is part CMS, and when I serve up an HTML page to the user it typically contains relative paths in a.href and img.src attributes. I currently have them accessed by urls like: ~/get-data.aspx/instance/user/page.html -- where instance indicates the particular instance for the report and "user/page.html" is a path created by an external application that generates the content. This works pretty reliably with code in the application's BeginRequest method that translates the text after ".aspx" into a query string, then uses Context.RewritePath(). So far so good, but I've just tripped over something that took me by surprise: it appears that if any of the query string ("instance/user/page.html") happens to contain a plus sign ("+") the BeginRequest method is never called, and a 404 is immediately returned to the user.
So my question is two-fold:
Am I correct in my belief that a "+" would cause the 404, and if so are there other things that could cause similar problems? Is there a way around that problem (perhaps a different method than BeginRequest)? Is there a better way to preserve relative URL paths for generated content than what I'm using? I'd rather not require site admins to install a 3rd party rewrite tool if I can help it.
I am creating a website with password-protected pages in it.
I have two type of customer: 1. Free 2. Paid
For paid customers, pages would be rendered over HTTPS whereas for free customer, pages will be rendered over HTTP. However, pages for both types of users would be same (while populating specific information for each user.)
note, the URL for the two users should be same except HTTP/HTTPS part.
I am new to HTTPS and want to know how to achieve this.
I am wondering how to implement it?
How can I Ensure That Secure Content Is Served Over HTTPS Only (IIS 6.0)? when the certificate is installed. In other words how can I direct all the http request to https. For example when some type http://localhost it redirects to https://localhost.
View 2 RepliesI have a scenario where...
1.) Have created a div with a dropdown list and ok, cancel button
2.) On document ready - registering div created on step 1 into a jQuery dialog
3.) on a javascript button click - I am opening this dialog box.
4.) Now, the problem is - the jQuery dialogbox which I have created, needs to be used by other button clicks as well on same page. Now, my div's (which is a dialog at runtime using jQuery) ok button click is already engaged with a javascript function (button1 click) and I can not associate other button's click events with it - thus stuck up here and have no clues or hit to resolve this.