I want the IIS server to return HTTP 304 (Not Modified) when a particular file is accessed.
How can I set this up?
Check the "Enable Content Expiration" box on the HTTP Headers tab in IIS Manager:
IIS 6.0 F1: Web Site Properties - HTTP Headers Tab
AFAIK, it isn't possible to do this (in IIS). There are a few criteria that have to be met for this code to be sent out:
Client must have cached copy of page.
The request's If-Modified-Since HTTP Header Time/date stamp must match what's on the server.
If both of those conditions are true, the server will return a HTTP 304 status code.
Related
I'm testing TMS WEB Core 2 and DMVC 3.2.2 (latest) on Delphi 11.2 by me test machine locally.
I've created a simple DMVC server with all default's setup through the wizard nothing fancy except added the CORS option.
I've created a TMS Web core project with all default's setup as well with a WebHttpRequest and WebMemo components.
I ran the DMVC server and can get the result beautify on the browser.
I ran the TMS Web core project to send a request to the server using
WebHttpRequest which is like this:
WebHttpRequest1.URL := 'http://localhost:8080/api/test';
WebHttpRequest1.Execute(
procedure(AResponse: string; AReq: TJSXMLHttpRequest)
begin
WebMemo1.Lines.Add(AResponse);
end
);
However I got this error:
ERROR
HTTP request error #http://localhost:8080/api/test | fMessage::HTTP request error #http://localhost:8080/api/test fHelpContext::0
at http://localhost:8000/Project1/Project1.js [263:50]
and the browser developer console shows:
Access to XMLHttpRequest at 'localhost:8080/api/test' from origin 'localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'localhost:8080' that is not equal to the supplied origin.
I want to send a request from the client to the server and get the respond in the WebMemo..
I've checked online to find that it's a backend-end problem, and some say its related to CORS, So How can I enable the CORS on server side using DMVC?
Your configuration prevents the client from connecting.
Both the server name and the port must match the CORS rule. To fix this, change the CORS header to a matching value.
This could be
Access-Control-Allow-Origin: http://localhost
or
Access-Control-Allow-Origin: http://localhost:8000
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
So I am faced with a question and I believe it isn't possible but here it goes.
I have a Netscaler Load Balancing 2 web servers via a Load Balance VIP bound to a Content Switch serving up other web servers.
I have a rewrite policy that inserts HSTS into responses for 200 and this works without issue. When the back end servers go down we logically send a 503 to the client but the client wants to include HSTS in this response.
Is this at all possible? RFC6797 for HSTS describes HSTS for a serving web site and in this case the 503 is generated by the NetScaler but I wanted to confirm this is not a possiblity.
Any help is appreciated.
Yes this is possible. i.e use a content switch. bind your web application as policy with highest priority (lower value == higher pri.).
for instance policy 10 evals to true always. policy 10 points to your web server. policy 20 will then never be processed. if you web server goes down (referenced by policy 10) policy 10 will suddenly no longer be evaluated. Policy 20 will now be processed..
in policy 20 you put a responder policy of type "respond with" add your own friendly error message as raw http data and include hsts in the http header.. Your loadbalancer will only respond with 503 if it has no policy to process.. if you like you can respond with a 503 message in policy 20 aswell but i would reccommend to create a proper "down page" instead of a 503.
If you are generating your 503 page using a responder action, you will have to add the HSTS header to your response manually. Responder actions are annoying that way - they shortcut most of the output path that normal backend responses go though. The Netscaler simply returns the string verbatim without examining or changing the contents. So a respondwith action returning this expression would add your header:
"HTTP/1.1 503 Service Unavailable\r\n"+
"Content-Type: text/html;charset=utf-8\r\n"+
"Strict-Transport-Security: max-age=31536000\r\n"+
"\r\n"+
"<!doctype html><html><body>
Backend server for " + HTTP.REQ.HOSTNAME + HTTP.REQ.URL.HTTP_URL_SAFE + " is not responding.
</body></html>"
I have a TXT file, stored in a subfolder on my web site, and our Windows application reads this file through HTTP.
Our application just sends a request with minimum headers: HTTP verb, filename, protocol on first line and Host key to point the server. Web server (which is a shared hosting) returns 500 to this request, where it returns 200 to request populated by browser.
Using Fiddler, I added User-Agent header info to request and voila, it returned 200. Regardless of what the value is.
Now, we'll add this user-agent info into our application, but it takes time to update all clients. Hosting staff say they did not make any changes on server settings.
Is there any solution that I can apply using web.config?
Regards,
I have a client that issues an HTTP PUT to upload a file to a SharePoint server. This server requires authentication (NTLM or Negotiate). The client includes an "Expect: 100-Continue" header in the PUT request.
When I PUT the file to SharePoint2010 (IIS 7.5), the server immediately responds with a 401 error as soon as it receives the header. This allow the client to begin the authentication process without unnecessarily uploading the entire file.
When I PUT the file to SharePoint2013 (IIS 8.0), the server immediately responds with a 100-Continue. However, once the client has uploaded the file in the body of the request, it replies with a 401. This means that the client has uploaded the entire file just to receive an authentication error. The server should have been able to respond with the 401 prior to the client uploading all of the data, as IIS 7.5 does.
Is this change in behavior inherent in IIS8? Is there a configuration option that controls this? Is there something I can tweak in the header to change the server's behavior?
You must remove the expect: 100-Continue from your HTTP Header
This link will be usefull if you use .NET :
Removing the expect http header
I have an ASP.NET form (a login page), when I POST the values to the server, the request passes through a proxy and the POST pareameters end up getting lost and ultimately the page just refreshes as there are no POST parameters.
The thing is that this is not a constant issue as sometimes you can log in fine and generally if you clear your browser temp files it then works ok.
I ran Fiddler to check what's going on and basically I'm getting:
A regular POST request containing session id, POST data etc. The response (HTTP 407) contains a Proxy-Authenticate: Negotiate and Proxy-Support: Session-Based-Authentication header
The next request to the server contains a Proxy-Authorization: Negotiate header containing a long string (base64 i think). This request does NOT contain the POST values. The response is another 407 and actually now that i look at it Fiddler displays 'HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )' as the header.
Then there's a third request that contains the Proxy-Authorization header and returns 200 OK, but of course the POST values weren't sent
Subsequent requests result in a HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) response followed by a second successful but empty request.
The client wont let me bypass the proxy as it's intermittent and all other pages in the application (that include plenty of web forms) work fine.
Any ideas on what I can try?