I'm trying to override the httpCompression element within Web.config for a site on an IIS 7.5 running Windows 7, but it does not seem to be read at all.
To check, I've introduced typeos within the element, but I can't even get a configuration error.
Here is an example of the httpCompression element from Web.config
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files">
<SCHEMEx name="deflate" dll="%Windir%\system32\inetsrv\gzip.dll" />
<dynamicTypes>
<add mimeType="text/*" enabled="false" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<staticTUPES>
</staticTUPES>
</httpCompression>
When I introduce similar errors in other element (like ie modules) I get a configuration error, so I know the config file is read.
I've unlocked the section in ApplicationHost.config:
appcmd unlock config /section:system.webserver/httpcompression
But that did not work, so I changed ApplicationHost.config manually so it now reads:
...
<section name="httpCompression" overrideModeDefault="Allow" />
...
What I'm really trying to accomplish is to set "deflate" as the only compression scheme for one of my sites.
For this to work, after unlocking the application.config file you have to set the specific configuration via command line as well..
1) Unlock the httpCompression part of the application.config:
C:\Windows\System32\inetsrv\appcmd.exe unlock config /section:system.webServer/httpCompression
2) Lets suppose you want to handle dynamic JSON requests (e.g. mimetype = application/json), you should use this command:
C:\Windows\System32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /+"dynamicTypes.[mimeType='application/json',enabled='True']" /commit:apphost
3) If JSON requests is your case, you might also want to handle the charset=utf-8 variation, which for some reason is what IIS gives you back in most cases:
C:\Windows\System32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /+"dynamicTypes.[mimeType='application/json; charset=utf-8',enabled='True']" /commit:apphost
I had a slightly similar problem before, too long ago to remember in detail. I think I resorted to making the changes directly to the ApplicationHost.config (%windir%\system32\inetsrv\config), but not an ideal solution.
Assume you've looked here
http://www.iis.net/configreference/system.webserver/httpcompression -
Have you tried using the clear element as mentioned in this post?
Related
I am using asp.net core 3.1 and receiving values from URL. Its working fine but when I add "+" sign as a part of URL, it gives 404.
Example : localhost:9000/api/get/%2B12/values
+ is a special character. It should ideally be should be URL encoded as %2B.
Turns out it's not really required though (like in the screenshot below) but I still recommend it. (See: URL encoding the space character: + or %20?)
Here's a working example controller:
[ApiController]
public class ExpController : Controller
{
[Route("/api/exp/{arg}/values")]
public IActionResult Test(int arg) =>
Ok($"The arg is: {arg}");
}
Note how the route parameter is a int. For more complex values (other than just 12, +12, -12; eg: 12+12) the route will need to be a string instead.
version above IIS7 will refuse to request the URL contains symbols such as '+' by default. The following modifications are required. You need add the following nodes in web.config:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true"/>
</security>
</system.webServer>
But now the .net core project does not have web.config to configure IIS options. You need to go to the location:
vs project location /.vs/config/applicationhost.config to add the above node.
Note that the .vs folder is a hidden folder and needs to be set visible.
Option 1 :
Mess with config to bypass request validation / allowDoubleEscaping (Asp.Net)
You need to be aware for certain risk/vulnabilirities described here:
https://stackoverflow.com/a/53621095/4798459
.netcore :
Since this issues is related to IIS, not your solution. You need to handle a web.config
Create a new web.config on the root of your project.
Right click, properties, set "Copy to Output Directory" to "Copy Always"
When you publish a .net core app, a "basic web.config" file is created. (For iis)
You need to copy the content of the "basic web.config".
You can find the auto-generated web.config file:
Where your app is already published (local server?)
You can also publish your api temporarly to a random path on your PC, see details here https://docs.devexpress.com/OfficeFileAPI/401445/dotnet-core-support/publish-net-core-application)
The web.config should like so, i added the tag with a a commentt
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<!-- XML node <security> is added to allow allowDoubleEscaping and add support for + paremeter in a route. Risk:https://stackoverflow.com/a/53621095/4798459 -->
<security>
<requestFiltering allowDoubleEscaping="true"></requestFiltering>
</security>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments="[.\SolutionName.Namespace.dll]" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
Make sure that the step 2 is done before publishing your app otherwise it wont work.
Not tested with iisexpress
Option 2
Change pramater type in the api. Intead of being on the route, use a queryString instead
Option 3
Custom solution for request filtetring /routing, which i don't have any example, and seems a bit "over the top".
Option 4, to avoid:
Use an other solution for encoding / decoding special caracter (I have not tried)
https://stackoverflow.com/a/55637235/4798459
I am unable to get gzip compression working on IIS 8.5 on a Server 2012 R2 machine. I have done some research and followed the instructions found in these posts:
How to enable GZIP compression in IIS 7.5
Compression in IIS 8.5 not successful, stating ALREADY_CONTENT_ENCODING
GZip Compression On IIS 7.5 is not working
gzip compression not working with IIS 8.5
Here is the relevant section of my config:
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files" staticCompressionIgnoreHitFrequency="true">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<!-- I have read that dynamic compression increases server CPU load.
<dynamicTypes>
<add mimeType="text/*" enabled="true"/>
<add mimeType="message/*" enabled="true"/>
<add mimeType="application/javascript" enabled="true"/>
<add mimeType="*/*" enabled="false"/>
</dynamicTypes>
-->
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
Also, in IIS, I set compression to apply to anything larger than 256 bytes. And I have performed iisreset.
Nonetheless, I don't see the compression mentioned in my dev console in Chrome or IE and PageSpeed still tells me to compress stuff. What simple step have I missed?
It will be difficult to understand what is happening.Assuming that you have done all the IIS settings correct.
For checking if compression is working fine or not,How are you accessing the website. e.g. If you use an FQDN www.example.com ,please try and use localhost url. This will make sure your IIS settings are correct.
If localhost works fine and your Fully Qualified domain name does not work,then problem can be in the network.In order for compression to work,the browser needs to send request header accept-encoding:gzip, deflate . many at times your proxy or load balancer can trim this header and this header may not reach the IIS server.So IIS will never compresseven if all the settings are done right.
To verify what is happening for the request and why IIS did not compress the request,you can do the following.
make sure you have Failed Request tracing installed.
Configure your Failed Request Definition
Go to Failed Request tracing Modules
Click Add on the sidebar
Enable All Content and status as 200-999
And Finish the configuration.
Now reproduce the issue and you will get a traces captured in directory C:\inetpub\logs\FailedReqLogFiles\W3SVC .
Open the trace file(for each requests one file will be generated.Open the trace file in IE(make sure the request details matches the request you would like to verify) and go to the compact view
Search for Compression and also check the reason
As mentioned in answers to one of the questions the OP links to, be sure to check for any anti-virus software running on the server. In my case it was ESET. None of the IIS compression settings had an effect until the relevant ESET settings were disabled.
I'm leaving out details of the settings- I did what seemed like a pretty blanket disable and left it to IT to figure out which exact setting was most appropriate for compression to still work while retaining security.
I had a similar issue and was caused by ESET with some strange behavior.
It worked on some machines but not on the one with eset, it took me some time to realize.
What happened is that ESET caused chrome to downgrade http2 requests to http 1.1 and not compress them. It can be seen if you open network and enable 'protocol' column. After removing eset it worked even if I forced chrome to use http1.1 with '--disable-http2' flag
Anyway if it still not working I would try to (in addition to the other answers):
check if different clients behave the same (in my case only dev machine had the issue)
deploy a simple static site (event default one) and test
reinstall iis
check settings on iss server manager, configuration editor / system.webServer/httpCompression collection, change compression level
In an open source ASP.NET application I'm working on, I need to keep certain data in the configuration file private, while still keeping it easy for people to build and debug it on their own machine. This is data such as API keys, Mail Settings, etc..
How would I keep this data separate and out of the git repository while still allowing people to just pull and build without having to set up a bunch of stuff?
In your config file you can define configSource:
<configuration>
<appSettings configSource="filepath1.config" />
<connectionStrings configSource="filepath2.config" />
<!--etc-->
</configuration>
Put the configurations that you need to keep private in a separate config file, then exclude them in your .gitignore.
Keep in mind that this will ignore the whole section and overwrite it with the context you have in the referenced file.
You can also do Configuration Transform, which allows you to only overwrite a small set of variables in sections. For example:
In your main Web.config:
<configuration>
<appSettings>
<add key="Key1" value="Something I dont't Care"/>
<add key="Key2" value="Something dummy"/>
</appSettings>
</configuration>
And in your Web.Release.config:
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<appSettings>
<add key="Key2" value="Something I want to keep secret"
xdt:Transform="SetAttributes" xdt:Locator="Match(key)" />
</appSettings>
</configuration>
In this case the "Key2" value that you want to keep private will be in a separate file, and you can exclude the Web.Release.config through .gitignore.
Also there's another approach that I never tried, which can also overwrite config using external file.
I had a web.config in one of the websites on my IIS that was adding a support for .7z file extension. When I later added a global .7z support at the server level, this site was broken - IIS Manager is complaining that it "cannot add duplicate collection entry of type 'mimeMap'..." and all web requests to i.g. CSS files ended with an HTTP 500 error.
I was using this in the site's web.config:
<system.webServer>
<staticContent>
<mimeMap fileExtension=".7z" mimeType="application/x-7z-compressed" />
</staticContent>
</system.webServer>
Is there maybe some other syntax that would add 7z to the list only if it wasn't defined yet?
According to this, you should remove the global setting in the special config before adding it in a different form.
Explcitly:
<system.webServer>
<staticContent>
<remove fileExtension=".7z" />
<mimeMap fileExtension=".7z" mimeType="application/x-7z-compressed" />
</staticContent>
</system.webServer>
Of course this doesn't really help you now as you might just as well drop the local setting completely (as it's likely to coincide with the global setting). But if you had known this back when you added local 7zip support, you wouldn't have encountered the error now ...
Is there a quick and easy way to set a connection string in Web.Config to be the active connection string?
I basically want to name my connection strings appropriately and then set one as active without having to switch out the names or re-compile my application.
Something like this:
<add name="Current" connectionString="{Local}"/>
<add name="Local" connectionString=[...]" />
<add name="RemoteOnMyServer" connectionString=[...]" />
<add name="RemoteAzure" connectionString=[...]" />
I don't think that is possible the way you asked. But you can move the connection strings block to a separate file and then control which FILE is the active one:
<connectionStrings configSource="LocalDb.config"/>
Then you can have separate config files:
LocalDb.config
RemoteOnMyServer.config
RemoteAzure.config
<etc>
Each one of there would hold something like this:
<?xml version="1.0"?>
<connectionStrings>
<add name="namedConnectionString" connectionString="Data Source=..." providerName="..." />
</connectionStrings>
Swithcing between them then becomes a matter of changing the configSource on the <connectionStrings /> element.
Scott Hanselman has a good article describing using different configurations for different environments using the build setting in the compiler. I've used this with great success in some of my projects.
Have a look