In IIS7 I right click on the site and choose "Switch to content view" then add a text file called test.txt right click again and switch to features view. Double click the http redirect icon and see it's not forwarding.
Right click the site and switch to content view again now right click on test.txt and choose browse only to be forwarded to some other site that gives me 404 for not having /test.txt.
I don't know where to look anymore as the settings mentioned above would indicate there would be no forwarding but opening the file proves that it does.
When using forcecors plugin for firefox and making a ajax request to the text file I can see the response header: Location http://some_other_site/test.txt.
Hope it's something simple.
[update]
In the application I checked out the settings under "Url rewrite" and found a rule that redirects. Removed this rule and stopped started IIS but it's still forwarding. Could not find anything under System32\inetsvr\config that would indicate redirecting.
After removing the url rewrite rule and testing in the browser it kept on forwarding because I think my browser remembered it was moved. Cache settings on IIS should check if file has changed after it was last cached (I think last modified headers) but somehow a redirect works differently. Did not clear my browser cache and even doing that could still cause a problem with proxies caching it.
What I did was opening it this way:
http://develop.mysite.com/test.txt?refresh=newValue
Like magic I wasn't redirected and it works now. Start FF with another profile and see if that solves the problem as the new profile should not be aware of the sites response being "permanently moved" by a previous request.
Related
For some reason DNN generates url for src of iframe inside every modal for editing module or module settings with different protocol on localhost and prod. On localhost when page is opened via https, iframe also has https url. At the same time on prod when page is opened via https, DNN generates http url there for some reason. As result I'm getting this error in dev tools console:
Mixed Content: The page at "" was loaded over HTTPS, but requested an
insecure frame. This request has been blocked; the content must be
served over HTTPS.
Found this solution.
Disabling modals would be really stupid solution as I need editing and settings for DNN modules. So I used workaround with meta tag added to a website via PersonaBar.
That fix actually works, but firstly, it's not the most convenient solution. Secondly, it's a crutch. If localhost can generate https link, then it means that prod also can. But why it doesn't? It's a code that is generated by DNN, not by my code. So as result I don't understand right now what's going on about it and why.
P.S. Just in case to clearify what I'm talking about:
login as superuser to your website
click pencil button to edit page
hover over any DNN module
click pencil icon "Edit module" or gear icon "Settings" (doesn't matter)
that's the modal window with iframe I'm talking about
P.S. I've asked this question at DNN forum yesterday already, but didn't recieve any answers there, so I'm duplicating it here.
DNN's SSL implementation requires a number of things to be in alignment, however, the following should be correct.
Within the security section SSL needs to be enabled, AND enforced, and the page that you are on also has to have the "Secure" flag set.
This is working for us in all production environments, so you so you should be fine.
(If using SSL Offloading, its a bit more tricky)
When I upload a new .aspx file, the server continues showing the old version.
What I've tried:
Forced page refresh: Control+R or Control+F5
Deleted the file on the
server & refreshed page.
Expected result: new page shown (or 404 error when page deleted)
Actual result: old page dhown.
Repro steps:
View https://www.bungalowsoftware.com/subscription/info/default.aspx
The START NOW button shows a link to .../create.aspx
View in File Manager and that button shows link to /buy
RENAME$ /default.aspx to something else (default.disabled.aspx, etc.)
Browse to the site again. Should give a 404, but still shows page.
This is happening with every aspx page I've tested.
Note: if I update or add plain .html files* the new versions show up immediately through the browser.
*in the same directory as the .aspx page I'm testing.
To resolve the cache issue you could follow the below steps:
1)Open Internet Information Services (IIS) Manager.
2)In the Connections pane, go to the site for which you want to disable caching.
3)From the middle pane, double-click HTTP Response Headers.
4)In the HTTP Response Headers pane, click Set Common Headers... in the Actions pane.
5)In the Set Common HTTP Response Headers dialog box, check the box to expire Web content, select Immediately, and then click OK.
Note: After making changes to the iis site folders or pages do not forget to restart iis server or site.
As the title suggests, http://localhost/mywebapp is being automatically added to urls within my application.
User clicks an https hyperlink, but instead of browsing to
https://correcturl.something.com
it goes to http://localhost/mywebapp/https://correcturl.something.com
ie the localhost part is being automatically added. I'm sure there is an IIS setting that we are missing here.
It might not be IIS. If you're forming your URLs improperly, I'm pretty sure the browser will handle redirect to "current url" + "redirecting url".
example:
if you execute the following in a javascript console, you will not get redirected.
window.location.href = "/http://google.com";
Running that off stackoverflow page sends me to https://stackoverflow.com/http://google.com
which is incorrect.
I'm assuming that if you're testing urls in some dev environment locally, you'll produce a similar result against localhost. I can't give you a better answer without more information, however I would begin by looking for something in your app similar to what I described.
I have a test web page in Azure cloud where I have login page in https. My problem is that if I get to the login page via redirect, neither the CSS or images get loaded in WP7 default browser - IE. Certificate is a self signed one - so I get the warning from browser before getting to the actual page.
The strange thing is that if I just click on refresh button after the initial loading - CSS and images gets loaded OK. Also, if I go to the https login page directly without going through redirect - everything works OK again.
Server side is done with MVC3 and https redirect is done by adding [RequireHttps] attribute before the controller.
Fiddler logs do not show anything that would help me. In the redirect case I can see that after the html page has been loaded there is handshaking for getting the https tunnel up, but no requests for css or images. When I click refresh, Fiddler log seems to start the same way, but this time also CSS and image is loaded.
I have done quite a bit googling on this and none of the answers that I have found seem to help. CSS and image are loaded with relative links, so that should not be the issue. Directory access rights should be OK as well, because it works without redirect. It also works OK in Desktop IE and other mobile browsers that I have tried on.
Any help would be greatly appreciated.
I have a web application that runs perfectly fine when I use the Visual Studio 2010 development server (Cassini). However when I try to use IIS Express to host the site Chrome just displays a "Bad Request - Request Too Long" error. The IIS Express site does display in other browsers (FireFox and IE9) so I'm kind of confused. The error occurs in Chrome when I try request pages in my application or even basic resources like an image, so I don't think it is an issue with URL rewriting or routing.
Just to see if the problem was somehow a result of my site's code, I created a new MVC3 website and tried running that. This worked in the VS development server, but once again produced the "Bad Request" error when running under IIS Express.
I am about to start testing the site using some mobile devices so I need to get this running under IIS. Any suggestions would be greatly appreciated.
EDIT:
The root url of the site (http://localhost:50650/) is being requested using GET. I am currently using Chrome v12.0.742.112.
I get this all the time ONLY in Chrome and I have to clear browsing data to fix it.
Wrench > Tools > Clear Browsing Data
Check the following:
Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site data
Then click "Clear Browsing Data" button and refresh your page.
UPDATE:
I figured out that it has to do with writing too many cookies to the browser and that if you just close all instances of Chrome, the error goes away for a while. To prevent it, you'll need to clear out your cookies programmatically.
Instead of clearing all the cookies, just do the following:
Right click the lock in the address bar area (see picture below)
Under cookies there is a link saying how many cookies are used
Click that link
Remove all cookies in there (or just the troublesome if you can identify them)
Problem gone
This error is caused by a corrupt cookie for the website you are trying to view, so to clear it all you need to do is clear the bad cookie(s) for that website.
In Chrome, go to...
chrome://settings/cookies
(Or manually go to Settings->Advanced Settings->Privacy->Content->All Cookies and Site data)
From there, you can search for cookies that match the site you are having problems on. Finally, click "remove all" for the matching cookies.
The problem is usually that the site in question has accumulated too many cookies or created cookies which are too large, making the HTTP headers swell beyond the allowed maximum.
One-time work-around
As has been mentioned, you can go to Settings|Advanced|Content Settings|All Cookies and Site Data, search for the site in question, and delete the cookies using the X button on the right. This reduces the header size of the HTTP request when contacting the site.
Long-term work-around
In addition to removing them one-time, however, you can prevent further problems with heavy cookie sites by going to Settings|Advanced|Content Settings|Manage Exceptions, and add the base site url (e.g. "msdn.microsoft.*" without the quotes) and select Behavior as "Clear on Exit". You might have to login more often to these sites, but this should prevent the problem.
I encountered this problem when using ADB2C login from ASP.NET WebApp. In Firefox you can do similar use case to delete related coockies and problem is gone for a while. Click on HTTPS (i) lock icon with, select ">" button on the right, select More information, select Security tab, click on View Cookies and click on Remove All. Done 4 a while.
If Above methods didn't work then enter
chrome://settings/resetProfileSettings
and Click on Reset Settings
This will reset your startup page, new tab page, search engine, and pinned tabs. It will also disable all extensions and clear temporary data like cookies. Your bookmarks, history and saved passwords will not be cleared.