Bandwith throttling in IIS 6 by IP Address - asp.net

I am writing an application that downloads large files in the background. All clients are logged in locally, or through a VPN. When they are logged in locally, I do not want to throttle downloads. However, I would like to limit downloads to 10 KBps when the user is connected via VPN. I can differentiate between these users by IP Address range.
Since this is an AIR Application, I figure I will throttle via server-side since I can do it from either the server itself (IIS 6) or the web service (asp.net / C#).
Throttling through IIS 6 seems to work fine, but it seems like it has to be done across the entire web site. Is there anyway to do this via IP? Or will I have to rig this up in .NET?

My first thought is this. I don't know if it would work but it would only take a few minutes to try.
Create two IIS web sites on the same server. The first site is bound to the public IP, but the second site is bound to the private IP. Both point to the same folder on the file system.
Your VPN users will be accessing via the private IP, so you can setup a "site-wide" rule on that site that will only affect VPN users. This should work for almost any IIS6 setting, including bandwidth throttling.
Worth a try, at least.
--
Edit: Tried this and it worked flawlessly.

Related

My Azure Website has an odd "HTTP success" pattern in the (Monitor) portal

I have a website hosted in Azure Websites as a Basic tier website.
I'm currently in the development stage, yet the site is live and accessible by the outside world (at least at a basic level), so I wanted to better understand the monitoring features in the Azure management portal.
When I looked at the monitoring tab inside the portal, I see an odd pattern for HTTP success. Looking at the past 60 minutes (which I personally have not been active on), the HTTP successes are very cyclic, with 80 connections, then 0, then 40, then 0, then repeat.
Does anyone have any pointers how I can figure out what the 80 and 40 connections are. I certainly don't have any timed events in my code, so there shouldn't be any calls being made unless a person is actually hitting the site.
UPDATE:
I setup a staging server and blocked all incoming traffic except my own IP. So the same code running, just without access from the outside world. And the HTTP success appears only when I hit the server myself (as expected). This suggests that my site is being hit by an outside bot maybe? Does anyone know how to protect against this? Or at least diagnose if the requests are not legitimate, etc?
I'd say it's this setting that causes the traffic:
Always On. By default, websites are unloaded if they are idle for some period of time. This lets the system conserve resources. In Basic or Standard mode, you can enable Always On to keep the site loaded all the time. If your site runs continuous web jobs, you should enable Always On, or the web jobs may not run reliably
http://azure.microsoft.com/en-us/documentation/articles/web-sites-configure/
It's just a keep alive to avoid cold starts every time you or someone else visit your site.
Here's another reference that describes this behavior:
What the always-on feature does is simply ping your site every now and
then, to keep the application pool up and running.
And Scott Gu says:
One of the other useful Web Site features that we are introducing
today is a feature we call “Always On”. When Always On is enabled on a
site, Windows Azure will automatically ping your Web Site regularly to
ensure that the Web Site is always active and in a warm/running state.
This is useful to ensure that a site is always responsive (and that
the app domain or worker process has not paged out due to lack of
external HTTP requests).
About the traffic in general: First of all, the requests could really only come from Microsoft, since any traffic pattern like this will quickly be automatically detected and blocked when using Azure Websites - you cannot set up a keep alive like this yourself. Second, no modern bot whatsoever would regularily ping a specific page with that kind of regularity since it's all to obvious. Any modern datacenter security appliance would catch that kind of traffic and block/ignore/nullroute it.
As for your question regarding protection and security: Microsoft cannot protect your code from yourself. However, everything at the perimeter is managed and handled by Microsoft. That's one of the USP features of Azure - Firewall, Load Balancing, Spoofing, Anti-bot and DDOS protection etc. There will of course always be security concerns regarding any publicly exposed service but you can stay focused on your application while Microsoft manages the rest.
When running Azure Websites, you're in the hands of Microsoft regarding security outside of your application scope. That's a great thing, but if you really like to be able to use other security measures you'll have to set up a virtual machine instead and run your site from there.
You may want to first understand what are these requests. Enable web server logging for the website on Azure Management portal and download IIS logs for your website after seeing this pattern. Then check those to understand the URL, client ip addresses for the requests and user agent field to identify if the requests are really from search bots. Based on the observation, you can either disable some IP statically, use dynamic ip restrictions or configure URLREWRITE to block requests with specific patterns in request or request headers
EDIT
This is how you can block search bots - http://moz.com/ugc/blocking-bots-based-on-useragent
You can configure the URLREWRITE locally on an IIS server in the way described in the above article and then copy the configuration generated in the web.config or connect to the azure website directly using IIS manager as described in http://azure.microsoft.com/blog/2014/02/28/remote-administration-of-windows-azure-websites-using-iis-manager/ and configure urlrewrite rule

How do I autostart an IIS service on shared hosting (no access to ApplicationHost.config file)?

Is it possible to have an IIS service autostart with no access to the ApplicationHost.config file?
I have shared hosting on GoDaddy, with a few IIS services running. One of these services contains a method that starts a timer and updates some data on my server every 15 minutes. This is necessary for my Windows Phone app to function correctly.
However, GoDaddy seems to restart their servers once or twice every weekday at random times, which stops the service (and the necessary timer) from running until I call the method from a client application. I have to check pretty frequently to see if things are running and then start the service manually.
I'd like the service to start automatically whenever GoDaddy restarts the server, but since it's shared hosting I don't have access to ApplicationHost.config, and there doesn't seem to be an option for it in GoDaddy's IIS settings.
Anyone have any ideas?
Thanks!
IIS will recycle/terminate an idle Web app/w3p.exe every 20 minutes by default, for many good reasons. IIS also have a lot settings to restart Web apps that consume to much resource or generate too many errors. GoDaddy would restart servers regularly to clean up environment, since the servers might host a lot web applications with poor quality.
Basically you can do
You have a 24x7 machine, and you write a program or use cUrl to send
client requests to your Web app every 1, 5, or 10 minutes to wake
up.
If you don't have a 24x7 machine, you may try some function in
Amazon AWS to do wake up/warm up calls. I don't remember the
respective service name in Amazon.
Or you contact Godaddy's technical support about this issue.

IIS slow down client request without Internet

I have a server (windows server 2008 r2) which hosting an asp.net web application locally using IIS. I also have several client PCs connected to the network which allow client PCs to access the website locally by hostname or IP address (e.g. http:// server / or http:// 192.168.1.200 /)
My Internet connection is not stable, up and down (disconnect) quite frequent. Because of that I discovered that my web application access from client PCs is smooth (load time less than 5 secs per page) when my Internet connection is ON (connected), but on the other hand, when the Internet connection is down (disconnected), access to the web application from client PCs take around 15-17 secs to complete the page load, every pages.
I doubt that this is related to IIS itself or my configuration is wrong.
Is there anyone else having the same issue? Any fixes?
Problem resolved.
I didn't know that System.net.dns.gethostentry require Internet to work properly. So I have disable this function for my system to run smoothly now.

Is it possible to optimally route browser data: try localhost then local network then internet

Let's say that I'm building a web app that will be required to exchange data with 3 possible entities:
Another open browser window open on the same machine.
A browser on a different machine that is still within the same intranet.
A browser on a machine outside of the intranet.
Is it possible to somehow finagle to HTTP protocol so that the data is optimally routed?
If the transfer is on the same machine, then the request should never even reach the router.
If the transfer is in the intranet, then the request should never make it onto the internet at large.
If the transfer is outside of the intranet - then so be it.
This has nothing to do with HTTP.
What you want is exactly what properly configured routing does.
You need a combination of a properly configured DNS and a router and communication with local hosts will never pass the router.

Website accessible from everywhere except for client's network

My client has a website that is showing some strange behavior. The site is built in ASP.Net and used to be hosted on their internal network. It's now been moved to a different server outside their network. They have other sites hosted on the same server, some built using DotNetNuke, and some classic ASP. All these sites are hosted on one application server, with a database (SQL Server 2008) on a separate server (which is on the same network as the application server). They share the application server, and the database server.
Now that this site has been moved to the outside server, they can't access it. I can, and so can others that I work with (from different IPs, across the country). But the client can't from their network. They can access the landing page subsite.clientdomain.com (no db access), but nothing else. So, for instance, there's a link to subsite.clientdomain.com/folder. When they click that link, the URL changes to subsite.com/folder, which does not work. For myself and others not at the client site, the URL does not change and opens with no problems.
I didn't write the site, and didn't even know it existed before this problem cropped up, so I know very little more than this. Any help is appreciated.
I'm going to go with Martijn B's answer. There's a DNS issue on the internal network. Somewhere on of the DNS servers is a definition that maps http://companywebsite to an ip address like 192.168.1.20 or whatever.
I would open a command prompt on your PC and type
ping new_website_name.com
Take a look at the IP address that comes back. You can also do an nslookup on new_website_name.com that will give you more information. If you (person A) gets one IP address and Person B (inside the network) gets a different IP address....there is definitely a DNS issue on the internal network.
You're going to have to do some network tracing to determine exactly where any redirection is occurring. Given that the problem is only manifested in certain locations, it is likely that it is a function of network configuration in that location (as previously suggested). Without understanding exactly what redirection is occurring, it would be unwise to make configuration changes that might make the problem worse or introduce new issues.
A DNS server cannot AFAIK redirect to a different URL. So something is redirecting from subsite.clientdomain.com/folder to subsite.com/folder, which could be caused by a HTTP redirect. This can be triggered by the software/website itself or by IIS.

Resources