There are quite a few organizations that have their infrastrucutre running on Windows yet the web presence runs on Apache. This site once ran on Apache as well but I used my Windows CA to create an SSL certificate for the server. Someone asked me how to do this and here is how!
On the Linux server open up a terminal and run the following commands. The first one creates the private key
openssl genrsa -des3 -out mywebserver.key
Next we must validate the key and we can do this with
openssl rsa -noout -in mywebserver.key
Once this is complete we need to create the CSR. The CSR is what we will generate the private key we will hand to the Windows CA.
openssl req -new -key mywebserver.key -out mywebserver.csr
Again we have to validate this key
openssl -noout -text -in mywebserver.csr
Lastly we can “print” the certificate requset to import
Continue reading Windows Certsrv SSL Certificates and Apache
MIME (Multipurpose Internet Mail Extensions) types are used to instruct a Web browser or mail application how to handle a file received from a server. For example, when your Web browser requested an item on this server, it also requested the MIME type of the object.
Some MIME types, JPEG’s for example, can be displayed inside the browser. Others, such as Word or Excel documents or EXE files, require an external helper application to be displayed or downloaded. You may have tried to make some files downloadable from your web server only to get an error when trying to view or download the file.
HTTP Error 404 – File or directory not found.
You know the file is there and the link is correct, but what you missed was defining the MIME type on the server. There are two ways you can remedy this, you can add a
Continue reading IIS 6.0 MIME Type Handling
Windows Server 2003 provides us several ways to manipulate IIS, the first being GUI based. This, while useful, becomes cumbersome if you are administering more than a few sites. The second option is to do things programmatically, either utilizing the build in scripts, or writing your own. TLA reader Gerald Bunch has written an excellent how to on creating IIS Application Pools with VBS.
To do this, one must get their hands dirty. No fears, however, notepad and VB script have caused many a headache, but never a fatality. First, the script
If we take a look at IIS Manager after the script is run we should see the new Application Pool.
For more information see:
IIS Command Line Administration
Download CreateAppPool.vbs Script
Using IIS, you can host multiple Web sites on a single server. There are a number of ways to distiguish between them but host headers allow you to host them on a single IP Address and Port. With IIS 6.0 you can also use host headers on SSL web pages as well.
IIS allows you to assign multiple Web sites the same IP Address/Port and distinguish them from each other with host headers. When an IIS server receives a request for a Web page, it looks for the HTTP header which contains the actual domain name requested. IIS can then use this information to “route” the request to the proper Web site. In order to configure SSL with host headers, you will need to obtain a wildcard server certificate. In order to do this you first must create the certificate request. Follow the normal procedure, however when you are asked
Continue reading IIS 6.0 and SSL Host Headers
A “best practice” for Exchange 2000 and 2003 server performance is to move the SMTP queues to a seperate partition. The queue is located in the Mailroot directory and the default location is Program FilesExchsvrMailrootvsi # (# is the SMTP Virtual Server number).
To move the Queues we first need to create a new Queue folder and a new Badmail folder, moving the Badmail directory is not necessary but still recommended. It is also recommended to place these directories on a redundant array. Next open up the Exchange System Manager and drill dow to the SMTP Virtual Server, right click and select Stop. Next right click and select Properties, then click the Messages tab. Under the Queue Directory heading, enter in the new path to the SMTP Virtual Server queue directory.
You can do the same for the Badmail directory.
Continue reading Moving the SMTP Mailroot Directories
If you have ever looked through your web server logs, or come across a 404 error on a website you are familiar with HTTP response codes. These codes tell you that a request has been processed, if it was successful, or if an error occured.
These response codes can tell you a lot, and are very useful when it comes to troubleshooting, but what exactly do they all mean? The following is a list of HTTP Response codes and their meaning. There is a PDF that you can download at the end of this article as well.
For more information see:
HTTP Response Code download
Article ID: 318380 – IIS Status Codes
Popular HTTP Response Codes In Detail
Logging traffic to your websites can offer a slew of information that maybe useful to IT staff, management and marketing. By determinig which pages are most popular, where visitors are coming from, and what browser they are using is helpful information you can use to improve your website.
IIS 6 supports four different logging formats:
Internet Information Services (IIS) includes an FTP component which can be used to transfer files. If you have multiple FTP users and wish to isolate them from each other you can use FTP Isolation to accomplish this goal. This can be used if you are hosting multiple web sites and only want the FTP user to have access to their WWW root directory.
There are two modes that the IIS FTP Service can run in, normal mode and isolation mode. The first step, after installing the FTP service, is to delete the Default FTP Site.
Next we will create a new FTP Site. Right-click on the FTP Sites node in the IIS Manager MMC and select New –> FTP Site.
The FTP Site Creation Wizard will start up, click Next to proceed. Enter a description for the site and click Next.
Continue reading Isolating IIS FTP Users
Using IIS, you can host multiple Web sites on a single server. There are a number of ways to distiguish between them but host headers allow you to host them on a single IP Address and Port.
When hosting multiple websites on a single IIS server, you can configure each Web site to use a different static IP address. This can be expensive as public static IP’s are not unlimited in quatity. You can host them all on one IP/Port and host them over different ports but that is not very user friendly.
IIS allows you to assign multiple Web sites the same IP Address/Port and distinguish them from each other with host headers. When an IIS server receives a request for a Web page, it looks for the HTTP header which contains the actual domain name requested. IIS can then use this information to “route” the request to the proper
Continue reading Configure IIS 6.0 Host Headers
Configuring a honeypot in IIS is a simple task that you can do to reduce attacks on your IIS webservers. Now this is not exactly a honeypot, a honeypot is a host with known vulnerabilities deliberately exposed to a public network, but more of a redirector of traffic. Using HTTP Host Headers, it is possible to divert hacker traffic to a non-existent site.
Hackers will use port scanners to find IP addresses with TCP 80 open and when they have a list compiled run a series of hack attempts against these IP addresses. Your end users on the other hand use DNS names to access your website, so this won’t affect them in anyway. By enabling host headers on the website(s) and redirecting IP attempts we can track where the attacks are coming from yet maintain availability for end users. Let us begin setting up the honeypot.
First thing we
Continue reading Configure an IIS Honeypot