Category Archives: IIS
Today I noticed we were getting an increasing amount of spam on one of our form pages. I was curious to see if all of the user IP addresses were the same (in which case I’d just add them to the IIS7 IP Restrictions list). To quickly and easily figure this out I decided to use LogParser. Besides just querying for the page though, I wanted to add an additional condition to exclude rows that came from a certain internal IP address that we use for monitoring.
Here’s a generic version of the query I used:
LogParser.exe -q:on "SELECT * FROM x:\wwwlogs\W3SVC1\u_ex130411.log WHERE cs-uri-stem='/SomePage/' and c-ip<>'10.10.1.100' >c:\temp\PageVisitors.txt"
I wanted to see the full logged data for the request, but if I didn’t, I could have very easily just pulled the IP addresses using:
LogParser.exe -q:on "SELECT c-ip FROM x:\wwwlogs\W3SVC1\u_ex130411.log WHERE cs-uri-stem='/SomePage/' and c-ip<>'10.10.1.100' >c:\temp\PageVisitors.txt"
You can see that I’m piping the results to a text file (the “>c:\temp\PageVisitors.txt” part) so that I can easily deal with the results. You may also want to take note that I’m using the “-q:on” flag which runs the command in Quite Mode. If you don’t set this flag then LogParser will show results one page at a time. When piping to a text file rather than the command prompt window, you obviously can’t hit a key for “next page” so without this flag the query will actually hang forever if there is more than one page worth of results.
Installing Windows 2012 Server Core plus IIS8 isn’t as hard as you might think. At least it isn’t as hard as I thought!
Server Core can be intimidating to long-time Windows users who expect to see the comfortable familiarity of the Windows desktop (though that has also changed with Server 2012). Rather than a Windows desktop you are presented with a command window and required to make changes through text commands. Hey, what is this – Linux?!?
You can relax though. There are actually ways to still manage your server via GUI through the use of various remote tools. That gives the benefit of the smaller footprint and attack surface on your server, but still the ease-of-management that users are use to.
Here’s a great recent post with a few quick steps on getting Windows 2012 Server Core installed (not many steps there – its super-easy) then the command lines needed to install IIS8 and enable it for remote access. Then the few steps required to get connected remotely to manage your server.
Check it out – it’s likely way easier than you expected!
Microsoft’s IIS SMTP service won’t log usernames even when SMTP-AUTH is enabled and clients are all authenticating. So, what happens if someone starts abusing the SMTP service (or you perhaps have a runaway process performing the abuse)?
Well, it takes a little effort but it is possible to track down the username being used to authenticate to the service. Here’s a post by Jeff Graves of OrcsWeb showing exactly how to track down this information: http://jeffgraves.me/2013/01/08/linking-spam-sent-through-shared-iis-smtp-server-to-a-user/
A client was getting errors when using PUT/POST/DELETE verbs on their web application recently.
The errors he was seeing were:
<h2>405 - HTTP verb used to access this page is not allowed.</h2> <h3>The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access
After some troubleshooting the error was isolated to the fact that WebDav was installed on the server and was intercepting those requests for its own service use.
Rather than removing WebDav from the server, we went looking for another solution. Thankfully someone on Twitter understood the issue and gave an example of changes to make to the client’s web.config file in order to disable (remove) the WebDav module for just that specific site without requiring any manual administrative actions on the server.
The code updates to make to your web.config file to resolve this error are:
<configuration> <system.webServer> <handlers> <remove name="WebDAV" /> <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" /> <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" /> <remove name="ExtensionlessUrlHandler-Integrated-4.0" /> <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" /> <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" /> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /> </handlers> <modules> <remove name="WebDAVModule" /> </modules> </system.webServer> </configuration>
I hope this help. Happy hosting!