I have problems like in this example
I also create that script:
<% If trim(Session("test_val")) = "" Then
Dim my_num
Randomize
number = Int((rnd*1000))+1
Session("test_val") = number
End If
%>
<b>Session ID:</b>
<% response.write(Session.SessionId) %><br /><br />
<b>Session("test_val"):</b>
<% response.write(Session("test_val")) %><br /><br />
<b>Session Timeout:</b>
<% response.write(Session.Timeout) %> minutes<br /><br />
<b>Server Software:</b>
<% response.write(Request.ServerVariables("SERVER_SOFTWARE")) %><br /> <br />
<b>HTTP_COOKIE:</b> <% response.write(Request.ServerVariables("HTTP_COOKIE")) %>
After each page request I got a different result
Session ID: 619163854
Session("test_val"): 784
Session Timeout: 480 minutes
Server Software: Microsoft-IIS/8.5
HTTP_COOKIE: ASPSESSIONIDQQATDABC=EMAJHOECJIKDFKKHFFKIGDEK
and
Session ID: 619245915
Session("test_val"): 39
Session Timeout: 20 minutes
Server Software: Microsoft-IIS/8.5
HTTP_COOKIE: ASPSESSIONIDQQATDABC=EMAJHOECJIKDFKKHFFKIGDEK; ASPSESSIONIDQSDTCDCB=OMALHOECNLEJLAHGOJEGDNIJ; ASPSESSIONIDQSATDBAD=EFBPIOECEIAAAGKFOJMECCOM; ASPSESSIONIDQQCTCAAC=LFBPIOECGGPIJAINBPKIDNFF
And every refresh ASPSESSIONID still appending to cookies
web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rewriteMaps>
<clear />
<rewriteMap name="Static URL Rewrites">
<add key="/robots.txt" value="/robots.asp" />
<add key="/sitemap.xml" value="/sitemap.asp?format=XML" />
<add key="/sitemap.txt" value="/sitemap.asp?format=TXT" />
</rewriteMap>
<rewriteMap name="Static URL Failures">
<add key="/robots.asp" value="/" />
<add key="/sitemap.asp" value="/" />
</rewriteMap>
</rewriteMaps>
<rules>
<clear />
<rule name="Static URL Rewrites" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" ignoreCase="true" negate="false" />
<conditions>
<add input="{Static URL Rewrites:{REQUEST_URI}}" pattern="(.+)" />
</conditions>
<action type="Rewrite" url="{C:1}" appendQueryString="false" redirectType="Temporary" />
</rule>
<rule name="Static URL Failures" patternSyntax="ECMAScript" stopProcessing="true">
<match url=".*" ignoreCase="true" negate="false" />
<conditions>
<add input="{Static URL Failures:{REQUEST_URI}}" pattern="(.+)" />
</conditions>
<action type="CustomResponse" statusCode="404" subStatusCode="0" />
</rule>
<rule name="Prevent rewriting for static files" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" />
</conditions>
<action type="None" />
</rule>
</rules>
</rewrite>
<defaultDocument>
<files>
<remove value="default.aspx" />
<remove value="iisstart.htm" />
<remove value="index.html" />
<remove value="index.htm" />
<remove value="Default.asp" />
<remove value="Default.htm" />
<add value="index.asp" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
<httpErrors errorMode="DetailedLocalOnly" defaultPath="D:\err.html">
<remove statusCode="401" subStatusCode="-1" />
<remove statusCode="403" subStatusCode="-1" />
<remove statusCode="404" subStatusCode="-1" />
<remove statusCode="405" subStatusCode="-1" />
<remove statusCode="406" subStatusCode="-1" />
<remove statusCode="412" subStatusCode="-1" />
<remove statusCode="500" subStatusCode="-1" />
<remove statusCode="501" subStatusCode="-1" />
<remove statusCode="502" subStatusCode="-1" />
</httpErrors>
<urlCompression doStaticCompression="false" doDynamicCompression="false" />
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="4290000000" />
</requestFiltering>
</security>
</system.webServer>
<system.web>
<sessionState mode="Off" />
</system.web>
</configuration>
I have 1 app pool
why:
Session Timeouts is changed?
ASPSESSIONID multiplying?
https://msdn.microsoft.com/en-us/library/h6bb9cz9(v=vs.71).aspx
Please change your
<system.web>
<sessionState mode="Off" />
</system.web>
or delete this section
Related
I am doing the web.config transformations. Here is my web.config -
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Content-Security-Policy-Report-Only" value="frame-ancestors 'self'" />
</customHeaders>
</httpProtocol>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<rewrite>
<rules>
<rule name="https redirect">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
<outboundRules>
<rule name="Remove RESPONSE_Server" >
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
<rule name="Adding HSTS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security"
pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
</outboundRules>
</rewrite>
<aspNetCore processPath="dotnet" arguments=".\App.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Local" />
</environmentVariables>
</aspNetCore>
</system.webServer>
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>
</location>
</configuration>
My web.release.config is same as web.config. And web.Development.config is like below.
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<aspNetCore processPath="dotnet" arguments=".\App.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" xdt:Transform="Replace" xdt:Locator="Match(name)"/>
</environmentVariables>
</aspNetCore>
</system.webServer>
</configuration>
But when I am publishing using "dotnet publish --configuration Development /p:EnvironmentName=Development" command, it says No element in the source document matches '/configuration/system.webServer'
Also while deploying to server I am getiing this -
[apply APPName_DEV\web.Development.config to APPName_DEV\web.config] W:\Buildnumber\APPName_DEV\web.Development.config:7,7 - No element in the source document matches '/configuration/system.webServer'
Please help me on this, thanks in advance :)
I think u need to remove <location> from your base config or add <location> to you development config.
u trying to replace <configuration><system.webServer>
but in your base config u have <configuration><location><system.webServer>
After upgrade my Azure Web role project with MVC4 and SDK 2.2 to SDK 2.4 and MVC5, starts the application only in the emulator, but not in the cloud (empty page or "Page can not displayed").
After remote login on the VM and changing the application pool mode from integrated to classic, works the page also with the new settings. Changes of the handler settings in the web.config were unsuccessful.
Current web.config with MVC5 and SDK2.4:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="PageSpeedModule" type="CheckMyBus.Web.Frontend.Modules.ProtectionModule" preCondition="managedHandler" />
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" /><remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
</handlers>
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
<httpCompression>
<dynamicTypes>
<add mimeType="application/json" enabled="true" />
<add mimeType="application/json; charset=utf-8" enabled="true" />
</dynamicTypes>
</httpCompression>
<staticContent>
<clientCache setEtag="false" />
</staticContent>
<httpErrors errorMode="DetailedLocalOnly" existingResponse="PassThrough" />
<rewrite>
<rules>
<rule name="RemoveIllegalCharacters">
<match url="(.*)("|%22)(.*)" />
<action type="Rewrite" url="{R:1}{R:3}" />
</rule>
<rule name="RemoveTrailingSlashRule1" stopProcessing="true">
<match url="(.*)/$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Redirect" url="{R:1}" />
</rule>
<rule name="Remove Version from static files" stopProcessing="true">
<match url="(styles|scripts|images)/(.+);v[0-9]+\.(css|js|gif|png|jpg|ico)" />
<action type="Rewrite" url="{R:1}/{R:2}.{R:3}" />
</rule>
<rule name="EnforceLowerCase" stopProcessing="true">
<match url="[A-Z]" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{URL}}" />
</rule>
</rules>
</rewrite>
</system.webServer>
Last web.config works fine with MVC4 and SDK2.2:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="PageSpeedModule" type="CheckMyBus.Web.Frontend.Modules.ProtectionModule" preCondition="managedHandler" />
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" /><remove name="OPTIONSVerbHandler" /><remove name="TRACEVerbHandler" /><add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /></handlers>
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
<httpCompression>
<dynamicTypes>
<add mimeType="application/json" enabled="true" />
<add mimeType="application/json; charset=utf-8" enabled="true" />
</dynamicTypes>
</httpCompression>
<staticContent>
<clientCache setEtag="false" />
</staticContent>
<httpErrors errorMode="DetailedLocalOnly" existingResponse="PassThrough" />
<rewrite>
<rules>
<rule name="RemoveIllegalCharacters">
<match url="(.*)("|%22)(.*)" />
<action type="Rewrite" url="{R:1}{R:3}" />
</rule>
<rule name="RemoveTrailingSlashRule1" stopProcessing="true">
<match url="(.*)/$" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Redirect" url="{R:1}" />
</rule>
<rule name="Remove Version from static files" stopProcessing="true">
<match url="(styles|scripts|images)/(.+);v[0-9]+\.(css|js|gif|png|jpg|ico)" />
<action type="Rewrite" url="{R:1}/{R:2}.{R:3}" />
</rule>
<rule name="EnforceLowerCase" stopProcessing="true">
<match url="[A-Z]" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{URL}}" />
</rule>
</rules>
</rewrite>
</system.webServer>
Can everyone help me?
Having upgraded to MVC5 manually I didn't realize that the pages-clause in the Views weg.config had THREE references to System.Web.Mvc. That made the web role recyle forever.
Fixing this solved my rcycling issue.
On Linux servers, we can benefit from .htaccess rules in order to make wordpress installations more secure.
How is that possible on IIS7+?
Using Better WP Security .htaccess rules and the rule converter wizard on IIS Manager, I got the following for the web.config file.
This file includes:
usual wordpress rewrite
denying blacklisted agents
file leeching protection
trace | delete | track protection
forbidden access to some directories
In addition to these, another tip: wordpress does work if you move your wp-config.php file one level up (Do not keep it under /www/)
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="wordpress" patternSyntax="Wildcard">
<match url="*" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="index.php" />
</rule>
<rule name="Abuse Agent Blocking from HackRepair.com" stopProcessing="true">
<match url="^.*" ignoreCase="false" />
<conditions logicalGrouping="MatchAny">
<!--# BEGIN Better WP Security-->
<!--# Begin HackRepair.com Blacklist-->
<!--# Abuse Agent Blocking-->
<add input="{HTTP_USER_AGENT}" pattern="^BlackWidow" />
<add input="{HTTP_USER_AGENT}" pattern="^Bolt\ 0" />
<add input="{HTTP_USER_AGENT}" pattern="^Bot\ mailto:craftbot\#yahoo\.com" />
<add input="{HTTP_USER_AGENT}" pattern="CazoodleBot" />
<add input="{HTTP_USER_AGENT}" pattern="^ChinaClaw" />
<add input="{HTTP_USER_AGENT}" pattern="^Custo" />
<add input="{HTTP_USER_AGENT}" pattern="^Default\ Browser\ 0" />
<add input="{HTTP_USER_AGENT}" pattern="^DIIbot" />
<add input="{HTTP_USER_AGENT}" pattern="^DISCo" />
<add input="{HTTP_USER_AGENT}" pattern="discobot" />
<add input="{HTTP_USER_AGENT}" pattern="^Download\ Demon" />
<add input="{HTTP_USER_AGENT}" pattern="^eCatch" />
<add input="{HTTP_USER_AGENT}" pattern="ecxi" />
<add input="{HTTP_USER_AGENT}" pattern="^EirGrabber" />
<add input="{HTTP_USER_AGENT}" pattern="^EmailCollector" />
<add input="{HTTP_USER_AGENT}" pattern="^EmailSiphon" />
<add input="{HTTP_USER_AGENT}" pattern="^EmailWolf" />
<add input="{HTTP_USER_AGENT}" pattern="^Express\ WebPictures" />
<add input="{HTTP_USER_AGENT}" pattern="^ExtractorPro" />
<add input="{HTTP_USER_AGENT}" pattern="^EyeNetIE" />
<add input="{HTTP_USER_AGENT}" pattern="^FlashGet" />
<add input="{HTTP_USER_AGENT}" pattern="^GetRight" />
<add input="{HTTP_USER_AGENT}" pattern="^GetWeb!" />
<add input="{HTTP_USER_AGENT}" pattern="^Go!Zilla" />
<add input="{HTTP_USER_AGENT}" pattern="^Go-Ahead-Got-It" />
<add input="{HTTP_USER_AGENT}" pattern="^GrabNet" />
<add input="{HTTP_USER_AGENT}" pattern="^Grafula" />
<add input="{HTTP_USER_AGENT}" pattern="GT::WWW" />
<add input="{HTTP_USER_AGENT}" pattern="heritrix" />
<add input="{HTTP_USER_AGENT}" pattern="^HMView" />
<add input="{HTTP_USER_AGENT}" pattern="HTTP::Lite" />
<add input="{HTTP_USER_AGENT}" pattern="HTTrack" />
<add input="{HTTP_USER_AGENT}" pattern="ia_archiver" />
<add input="{HTTP_USER_AGENT}" pattern="IDBot" />
<add input="{HTTP_USER_AGENT}" pattern="id-search" />
<add input="{HTTP_USER_AGENT}" pattern="id-search\.org" />
<add input="{HTTP_USER_AGENT}" pattern="^Image\ Stripper" />
<add input="{HTTP_USER_AGENT}" pattern="^Image\ Sucker" />
<add input="{HTTP_USER_AGENT}" pattern="Indy\ Library" />
<add input="{HTTP_USER_AGENT}" pattern="^InterGET" />
<add input="{HTTP_USER_AGENT}" pattern="^Internet\ Ninja" />
<add input="{HTTP_USER_AGENT}" pattern="^InternetSeer\.com" />
<add input="{HTTP_USER_AGENT}" pattern="IRLbot" />
<add input="{HTTP_USER_AGENT}" pattern="ISC\ Systems\ iRc\ Search\ 2\.1" />
<add input="{HTTP_USER_AGENT}" pattern="^Java" />
<add input="{HTTP_USER_AGENT}" pattern="^JetCar" />
<add input="{HTTP_USER_AGENT}" pattern="^JOC\ Web\ Spider" />
<add input="{HTTP_USER_AGENT}" pattern="^larbin" />
<add input="{HTTP_USER_AGENT}" pattern="^LeechFTP" />
<add input="{HTTP_USER_AGENT}" pattern="libwww" />
<add input="{HTTP_USER_AGENT}" pattern="libwww-perl" />
<add input="{HTTP_USER_AGENT}" pattern="^Link" />
<add input="{HTTP_USER_AGENT}" pattern="LinksManager.com_bot" />
<add input="{HTTP_USER_AGENT}" pattern="linkwalker" />
<add input="{HTTP_USER_AGENT}" pattern="lwp-trivial" />
<add input="{HTTP_USER_AGENT}" pattern="^Mass\ Downloader" />
<add input="{HTTP_USER_AGENT}" pattern="^Maxthon$" />
<add input="{HTTP_USER_AGENT}" pattern="MFC_Tear_Sample" />
<add input="{HTTP_USER_AGENT}" pattern="^microsoft\.url" />
<add input="{HTTP_USER_AGENT}" pattern="Microsoft\ URL\ Control" />
<add input="{HTTP_USER_AGENT}" pattern="^MIDown\ tool" />
<add input="{HTTP_USER_AGENT}" pattern="^Mister\ PiX" />
<add input="{HTTP_USER_AGENT}" pattern="Missigua\ Locator" />
<add input="{HTTP_USER_AGENT}" pattern="^Mozilla\.*Indy" />
<add input="{HTTP_USER_AGENT}" pattern="^Mozilla\.*NEWT" />
<add input="{HTTP_USER_AGENT}" pattern="^MSFrontPage" />
<add input="{HTTP_USER_AGENT}" pattern="^Navroad" />
<add input="{HTTP_USER_AGENT}" pattern="^NearSite" />
<add input="{HTTP_USER_AGENT}" pattern="^NetAnts" />
<add input="{HTTP_USER_AGENT}" pattern="^NetSpider" />
<add input="{HTTP_USER_AGENT}" pattern="^Net\ Vampire" />
<add input="{HTTP_USER_AGENT}" pattern="^NetZIP" />
<add input="{HTTP_USER_AGENT}" pattern="^Nutch" />
<add input="{HTTP_USER_AGENT}" pattern="^Octopus" />
<add input="{HTTP_USER_AGENT}" pattern="^Offline\ Explorer" />
<add input="{HTTP_USER_AGENT}" pattern="^Offline\ Navigator" />
<add input="{HTTP_USER_AGENT}" pattern="^PageGrabber" />
<add input="{HTTP_USER_AGENT}" pattern="panscient.com" />
<add input="{HTTP_USER_AGENT}" pattern="^Papa\ Foto" />
<add input="{HTTP_USER_AGENT}" pattern="^pavuk" />
<add input="{HTTP_USER_AGENT}" pattern="PECL::HTTP" />
<add input="{HTTP_USER_AGENT}" pattern="^PeoplePal" />
<add input="{HTTP_USER_AGENT}" pattern="^pcBrowser" />
<add input="{HTTP_USER_AGENT}" pattern="PHPCrawl" />
<add input="{HTTP_USER_AGENT}" pattern="PleaseCrawl" />
<add input="{HTTP_USER_AGENT}" pattern="^psbot" />
<add input="{HTTP_USER_AGENT}" pattern="^RealDownload" />
<add input="{HTTP_USER_AGENT}" pattern="^ReGet" />
<add input="{HTTP_USER_AGENT}" pattern="^Rippers\ 0" />
<add input="{HTTP_USER_AGENT}" pattern="SBIder" />
<add input="{HTTP_USER_AGENT}" pattern="^SeaMonkey$" />
<add input="{HTTP_USER_AGENT}" pattern="^sitecheck\.internetseer\.com" />
<add input="{HTTP_USER_AGENT}" pattern="^SiteSnagger" />
<add input="{HTTP_USER_AGENT}" pattern="^SmartDownload" />
<add input="{HTTP_USER_AGENT}" pattern="Snoopy" />
<add input="{HTTP_USER_AGENT}" pattern="Steeler" />
<add input="{HTTP_USER_AGENT}" pattern="^SuperBot" />
<add input="{HTTP_USER_AGENT}" pattern="^SuperHTTP" />
<add input="{HTTP_USER_AGENT}" pattern="^Surfbot" />
<add input="{HTTP_USER_AGENT}" pattern="^tAkeOut" />
<add input="{HTTP_USER_AGENT}" pattern="^Teleport\ Pro" />
<add input="{HTTP_USER_AGENT}" pattern="^Toata\ dragostea\ mea\ pentru\ diavola" />
<add input="{HTTP_USER_AGENT}" pattern="URI::Fetch" />
<add input="{HTTP_USER_AGENT}" pattern="urllib" />
<add input="{HTTP_USER_AGENT}" pattern="User-Agent" />
<add input="{HTTP_USER_AGENT}" pattern="^VoidEYE" />
<add input="{HTTP_USER_AGENT}" pattern="^Web\ Image\ Collector" />
<add input="{HTTP_USER_AGENT}" pattern="^Web\ Sucker" />
<add input="{HTTP_USER_AGENT}" pattern="Web\ Sucker" />
<add input="{HTTP_USER_AGENT}" pattern="webalta" />
<add input="{HTTP_USER_AGENT}" pattern="^WebAuto" />
<add input="{HTTP_USER_AGENT}" pattern="^[Ww]eb[Bb]andit" />
<add input="{HTTP_USER_AGENT}" pattern="WebCollage" />
<add input="{HTTP_USER_AGENT}" pattern="^WebCopier" />
<add input="{HTTP_USER_AGENT}" pattern="^WebFetch" />
<add input="{HTTP_USER_AGENT}" pattern="^WebGo\ IS" />
<add input="{HTTP_USER_AGENT}" pattern="^WebLeacher" />
<add input="{HTTP_USER_AGENT}" pattern="^WebReaper" />
<add input="{HTTP_USER_AGENT}" pattern="^WebSauger" />
<add input="{HTTP_USER_AGENT}" pattern="^Website\ eXtractor" />
<add input="{HTTP_USER_AGENT}" pattern="^Website\ Quester" />
<add input="{HTTP_USER_AGENT}" pattern="^WebStripper" />
<add input="{HTTP_USER_AGENT}" pattern="^WebWhacker" />
<add input="{HTTP_USER_AGENT}" pattern="^WebZIP" />
<add input="{HTTP_USER_AGENT}" pattern="Wells\ Search\ II" />
<add input="{HTTP_USER_AGENT}" pattern="WEP\ Search" />
<add input="{HTTP_USER_AGENT}" pattern="^Wget" />
<add input="{HTTP_USER_AGENT}" pattern="^Widow" />
<add input="{HTTP_USER_AGENT}" pattern="^WWW-Mechanize" />
<add input="{HTTP_USER_AGENT}" pattern="^WWWOFFLE" />
<add input="{HTTP_USER_AGENT}" pattern="^Xaldon\ WebSpider" />
<add input="{HTTP_USER_AGENT}" pattern="zermelo" />
<add input="{HTTP_USER_AGENT}" pattern="^Zeus" />
<add input="{HTTP_USER_AGENT}" pattern="^Zeus\.*Webster" />
<add input="{HTTP_USER_AGENT}" pattern="ZyBorg" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Imported Rule 2" stopProcessing="true">
<match url="^wp-admin/includes/" ignoreCase="false" />
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Imported Rule 3" stopProcessing="true">
<match url="^wp-includes/[^/]+\.php$" ignoreCase="false" />
<conditions>
<!--# RewriteRule !^wp-includes/ - [S=3]-->
<add input="{SCRIPT_FILENAME}" pattern="^(.*)wp-includes/ms-files.php" ignoreCase="false" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Imported Rule 4" stopProcessing="true">
<match url="^wp-includes/js/tinymce/langs/.+\.php" ignoreCase="false" />
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Imported Rule 5" stopProcessing="true">
<match url="^wp-includes/theme-compat/" ignoreCase="false" />
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Imported Rule 6" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{REQUEST_METHOD}" pattern="^(TRACE|DELETE|TRACK)" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
We are migrating from IIS 5.1 to IISExpress on developer machines. We have ASP .NET app which also hosts some .asmx webservices.
When using IIS 5.1 we can access wsdl using following URL
http ://localhost/MY_PATH/Service/WebServiceName.asmx?wsdl
However when I use IISExpress I can see all pages of my application successfully but when I try to see wsdl(http ://localhost/MY_PATH/Service/WebServiceName.asmx?wsdl) I get following error.
HTTP Error 404.17 - Not Found
The requested content appears to be script and will not be served by the static file handler.
Most likely causes:
The request matched a wildcard mime map. The request is mapped to the static file handler. If there were different pre-conditions, the request will map to a different handler.
Things you can try:
If you want to serve this content as a static file, add an explicit MIME map.
Detailed Error Information:
Module StaticFileModule
Notification ExecuteRequestHandler
Handler StaticFile
Error Code 0x80070032
Please let me know what is going wrong here. Following is my applicationHost.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<sectionGroup name="system.applicationHost">
<section name="applicationPools" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="configHistory" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="customMetadata" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="listenerAdapters" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="log" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="preloadProviders" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="sites" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="webLimits" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
</sectionGroup>
<sectionGroup name="system.webServer">
<section name="asp" overrideModeDefault="Deny" />
<section name="caching" overrideModeDefault="Allow" />
<section name="cgi" overrideModeDefault="Deny" />
<section name="defaultDocument" overrideModeDefault="Allow" />
<section name="directoryBrowse" overrideModeDefault="Allow" />
<section name="fastCgi" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="globalModules" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="handlers" overrideModeDefault="Deny" />
<section name="httpCompression" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
<section name="httpErrors" overrideModeDefault="Allow" />
<section name="httpLogging" overrideModeDefault="Deny" />
<section name="httpProtocol" overrideModeDefault="Allow" />
<section name="httpRedirect" overrideModeDefault="Allow" />
<section name="httpTracing" overrideModeDefault="Deny" />
<section name="isapiFilters" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
<section name="odbcLogging" overrideModeDefault="Deny" />
<sectionGroup name="security">
...
</sectionGroup>
<section name="urlCompression" overrideModeDefault="Allow" />
<section name="validation" overrideModeDefault="Allow" />
<sectionGroup name="webdav">
<section name="globalSettings" overrideModeDefault="Deny" />
<section name="authoring" overrideModeDefault="Deny" />
<section name="authoringRules" overrideModeDefault="Deny" />
</sectionGroup>
<sectionGroup name="rewrite">
...
</sectionGroup>
</sectionGroup>
</configSections>
<configProtectedData>
<providers>
...
</providers>
</configProtectedData>
<system.applicationHost>
<applicationPools>
<add name="Clr4IntegratedAppPool" managedRuntimeVersion="v4.0" managedPipelineMode="Integrated" CLRConfigFile="%IIS_BIN%\config\templates\PersonalWebServer\aspnet.config" autoStart="true" />
...
<add name="IISExpressAppPool" autoStart="true" managedRuntimeVersion="v2.0" managedPipelineMode="Integrated" CLRConfigFile="%IIS_BIN%\config\templates\PersonalWebServer\aspnet.config" />
<applicationPoolDefaults managedRuntimeLoader="v4.0">
</applicationPoolDefaults>
</applicationPools>
<listenerAdapters>
<add name="http" />
</listenerAdapters>
<sites>
<site id="1" name="MySite" serverAutoStart="true">
<application path="/" >
<virtualDirectory path="/" physicalPath="C:\MyProject" />
<virtualDirectory path="/MY_PATH" physicalPath="C:\MyProject" />
</application>
<bindings>
<binding bindingInformation=":8080:localhost" protocol="http" />
</bindings>
</site>
<siteDefaults>
<logFile logFormat="W3C" directory="C:\app_tmp\IISExpress\iWin7.0\Logs" />
<traceFailedRequestsLogging directory="C:\app_tmp\IISExpress\iWin7.0\Trace" enabled="true" maxLogFileSizeKB="1024" />
</siteDefaults>
<applicationDefaults applicationPool="Clr2ClassicAppPool" />
<virtualDirectoryDefaults allowSubDirConfig="true" />
</sites>
<webLimits />
</system.applicationHost>
<system.webServer>
<serverRuntime />
<asp scriptErrorSentToBrowser="true">
<cache diskTemplateCacheDirectory="%TEMP%\iisexpress\ASP Compiled Templates" />
<limits />
</asp>
<caching enabled="true" enableKernelCache="true">
</caching>
<cgi />
<defaultDocument enabled="true">
<files>
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="index.html" />
<add value="iisstart.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>
<directoryBrowse enabled="false" />
<fastCgi />
<globalModules>
...
</globalModules>
<httpCompression directory="%TEMP%\iisexpress\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%IIS_BIN%\gzip.dll" />
<dynamicTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="application/atom+xml" enabled="true" />
<add mimeType="application/xaml+xml" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<httpErrors lockAttributes="allowAbsolutePathsWhenDelegated,defaultPath">
<error statusCode="401" prefixLanguageFilePath="%IIS_BIN%\custerr" path="401.htm" />
...
<error statusCode="502" prefixLanguageFilePath="%IIS_BIN%\custerr" path="502.htm" />
</httpErrors>
<httpLogging dontLog="false" />
<httpProtocol>
<customHeaders>
<clear />
<add name="X-Powered-By" value="ASP.NET" />
</customHeaders>
<redirectHeaders>
<clear />
</redirectHeaders>
</httpProtocol>
<httpRedirect enabled="false" />
<httpTracing>
</httpTracing>
<isapiFilters>
<filter name="ASP.Net_2.0.50727.0" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="bitness32,runtimeVersionv2.0" />
<filter name="ASP.Net_2.0_for_v1.1" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv1.1" />
<filter name="ASP.Net_4.0_32bit" path="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="bitness32,runtimeVersionv4.0" />
</isapiFilters>
<odbcLogging />
<security>
<access sslFlags="None" />
<applicationDependencies>
<application name="Active Server Pages" groupId="ASP" />
</applicationDependencies>
<authentication>
<anonymousAuthentication enabled="true" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="false">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
<authorization>
<add accessType="Allow" users="*" />
</authorization>
<ipSecurity allowUnlisted="true" />
<isapiCgiRestriction notListedIsapisAllowed="true" notListedCgisAllowed="true">
<add path="%windir%\Microsoft.NET\Framework\v4.0.30319\webengine4.dll" allowed="true" groupId="ASP.NET_v4.0" description="ASP.NET_v4.0" />
</isapiCgiRestriction>
<requestFiltering>
<fileExtensions allowUnlisted="true" applyToWebDAV="true">
<add fileExtension=".asa" allowed="false" />
<add fileExtension=".asax" allowed="false" />
<add fileExtension=".ascx" allowed="false" />
...
<add fileExtension=".rules" allowed="false" />
</fileExtensions>
<verbs allowUnlisted="true" applyToWebDAV="true" />
<hiddenSegments applyToWebDAV="true">
<add segment="web.config" />
<add segment="bin" />
<add segment="App_code" />
<add segment="App_GlobalResources" />
<add segment="App_LocalResources" />
<add segment="App_WebReferences" />
<add segment="App_Data" />
<add segment="App_Browsers" />
</hiddenSegments>
</requestFiltering>
</security>
<serverSideInclude ssiExecDisable="false" />
<staticContent lockAttributes="isDocFooterFileName">
...
<mimeMap fileExtension=".application" mimeType="application/x-ms-application" />
...
</staticContent>
<tracing>
<traceProviderDefinitions>
<add name="WWW Server" guid="{3a2a4e84-4c21-4981-ae10-3fda0d9b0f83}">
<areas>
<clear />
<add name="Authentication" value="2" />
<add name="Security" value="4" />
<add name="Filter" value="8" />
<add name="StaticFile" value="16" />
<add name="CGI" value="32" />
<add name="Compression" value="64" />
<add name="Cache" value="128" />
<add name="RequestNotifications" value="256" />
<add name="Module" value="512" />
<add name="Rewrite" value="1024" />
<add name="FastCGI" value="4096" />
</areas>
</add>
<add name="ASP" guid="{06b94d9a-b15e-456e-a4ef-37c984a2cb4b}">
<areas>
<clear />
</areas>
</add>
<add name="ISAPI Extension" guid="{a1c2040e-8840-4c31-ba11-9871031a19ea}">
<areas>
<clear />
</areas>
</add>
<add name="ASPNET" guid="{AFF081FE-0247-4275-9C4E-021F3DC1DA35}">
<areas>
<add name="Infrastructure" value="1" />
<add name="Module" value="2" />
<add name="Page" value="4" />
<add name="AppServices" value="8" />
</areas>
</add>
</traceProviderDefinitions>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,Rewrite" verbosity="Verbose" />
</traceAreas>
<failureDefinitions statusCodes="200-999" />
</add>
</traceFailedRequests>
</tracing>
<urlCompression />
<validation />
<webdav>
<globalSettings>
<propertyStores>
<add name="webdav_simple_prop" image="%IIS_BIN%\webdav_simple_prop.dll" image32="%windir%\syswow64\inetsrv\webdav_simple_prop.dll" />
</propertyStores>
<lockStores>
<add name="webdav_simple_lock" image="%IIS_BIN%\webdav_simple_lock.dll" image32="%windir%\syswow64\inetsrv\webdav_simple_lock.dll" />
</lockStores>
</globalSettings>
<authoring>
<locks enabled="true" lockStore="webdav_simple_lock" />
</authoring>
<authoringRules />
</webdav>
</system.webServer>
<location path="" overrideMode="Allow">
<system.webServer>
<modules>
...
</modules>
<handlers accessPolicy="Read, Script">
...
<add name="WebServiceHandlerFactory-ISAPI-4.0_32bit" path="*.asmx" verb="GET,HEAD,POST,DEBUG" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
...
<add name="SimpleHandlerFactory-Integrated" path="*.ashx" verb="GET,HEAD,POST,DEBUG" type="System.Web.UI.SimpleHandlerFactory" preCondition="integratedMode" />
...
<add name="WebServiceHandlerFactory-Integrated" path="*.asmx" verb="GET,HEAD,POST,DEBUG" type="System.Web.Services.Protocols.WebServiceHandlerFactory,System.Web.Services,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" preCondition="integratedMode,runtimeVersionv2.0" />
...
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
</handlers>
</system.webServer>
</location>
</configuration>
You likely do not have the static content role installed in IIS express. See this question and answer for a similar problem/resolution and see if it helps you:
How to install umbraco in root folder of the IIS server in localhost?
I changed requireAccess from 'Read' to 'Execute' for following handler
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Execute" />
I now get following error on accessing
http://localhost:8080/MY_PATHJ/Service/ServiceName.asmx?wsdl
HTTP Error 403.1 - Forbidden
You have attempted to run a CGI, ISAPI, or other executable program from a directory that does not allow executables to run.
All my .aspx pages are still working fine.
I'm trying to set my default page to Index.html on an ASP.NET site running on IIS7.5. I keep getting a 404.4 which tells me that a handler is not set up. However, I have a <handler> and an <httpHandlers> value set up for my html pages. I've also specified the default document. Yet I keep getting a 404.4.
I CAN browse to myuri/index.html but I can't get it to load as the default.
Any suggestions?
Here's my web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appSettings />
<connectionStrings />
<system.web>
<authentication mode="Windows" />
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.0" />
<httpHandlers>
<add path="*.html" verb="*" type="System.Web.StaticFileHandler" />
<add path="~/assets/*" verb="*" type="System.Web.StaticFileHandler"/>
<add verb="*" path="*.rastahook" validate="false" type="OpenRasta.Hosting.AspNet.OpenRastaRewriterHandler, OpenRasta.Hosting.AspNet" />
</httpHandlers>
<httpModules>
<add name="OpenRasta" type="OpenRasta.Hosting.AspNet.OpenRastaModule, OpenRasta.Hosting.AspNet" />
</httpModules>
<pages controlRenderingCompatibilityVersion="4.0" clientIDMode="AutoID" />
</system.web>
<system.webServer>
<httpErrors errorMode="Detailed" />
<asp scriptErrorSentToBrowser="true" />
<defaultDocument enabled="true">
<files>
<clear />
<add value="/index.html" />
</files>
</defaultDocument>
<rewrite>
<rules>
<rule name="Remove WWW" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="threetasks.apphb.net{PATH_INFO}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<httpCompression directory="%SystemDrive%\websites\_compressed" minFileSizeForComp="1024">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/json" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" />
<httpProtocol>
<customHeaders>
<add name="X-UA-Compatible" value="IE=Edge,chrome=1" />
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="OpenRasta" type="OpenRasta.Hosting.AspNet.OpenRastaModule, OpenRasta.Hosting.AspNet" />
</modules>
<handlers accessPolicy="Script,Read">
<clear />
<add name="StaticFile" path="index.html" verb="*"
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
<add name="StaticFiles" path="~/assets/*" verb="*"
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
<add name="OpenRasta" verb="*" path="*.rastahook"
type="OpenRasta.Hosting.AspNet.OpenRastaRewriterHandler, OpenRasta.Hosting.AspNet" />
</handlers>
<staticContent>
<!-- Set expire headers to 30 days for static content-->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
<remove fileExtension=".css" />
<mimeMap fileExtension=".css" mimeType="text/css; charset=UTF-8" />
<remove fileExtension=".js" />
<mimeMap fileExtension=".js" mimeType="text/javascript; charset=UTF-8" />
<remove fileExtension=".json" />
<mimeMap fileExtension=".json" mimeType="application/json; charset=UTF-8" />
<remove fileExtension=".rss" />
<mimeMap fileExtension=".rss" mimeType="application/rss+xml; charset=UTF-8" />
<remove fileExtension=".html" />
<mimeMap fileExtension=".html" mimeType="text/html; charset=UTF-8" />
<remove fileExtension=".xml" />
<mimeMap fileExtension=".xml" mimeType="application/xml; charset=UTF-8" />
<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
<mimeMap fileExtension=".m4v" mimeType="video/m4v" />
<mimeMap fileExtension=".ogg" mimeType="video/ogg" />
<mimeMap fileExtension=".ogv" mimeType="video/ogg" />
<mimeMap fileExtension=".webm" mimeType="video/webm" />
<!--<mimeMap fileExtension=".svg" mimeType="images/svg+xml" />-->
<!--<mimeMap fileExtension=".svgz" mimeType="images/svg+xml" />-->
<remove fileExtension=".eot" />
<mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
<mimeMap fileExtension=".otf" mimeType="font/otf" />
<mimeMap fileExtension=".woff" mimeType="font/x-woff" />
</staticContent>
</system.webServer>
</configuration>
For handling static content in iis 7.5, you need to register mime type via the following element in web.config file within element. I am mostly used for mp4 videos withot it 404.4 error arises.
<staticContent>
<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
<!-- for html may be -->
<mimeMap fileExtension=".html" mimeType="text/html" />
</staticContent>
Taking a step back....where are you setting the default document?
If you set it in web.config, then you are saying that the ASP.Net runtime will/should handle .html extension. In other words, web.config pertains to ASP.Net.
Have you set the default document in IIS?
If its just a static file, there is no need for ASP.Net to even be involved - IIS should handle htm/html files out of the box.
What we ended up doing was splitting the project. Our goal was to have a service backend with a think JavaScript front end. Some of this is to try out different patterns and ideas we have. I'm writing the service and my friend is writing the front end. After talking about it, they don't need to be in the same project.
That is, I'll create an API and he'll create a client that can be hosted anywhere. With that in mind, my site will now just do API work, and will not need to deliver any html as a default page.