diff --git a/.openpublishing.build.ps1 b/.openpublishing.build.ps1 deleted file mode 100644 index aadef7620..000000000 --- a/.openpublishing.build.ps1 +++ /dev/null @@ -1,17 +0,0 @@ -param( - [string]$buildCorePowershellUrl = "https://opbuildstorageprod.blob.core.windows.net/opps1container/.openpublishing.buildcore.ps1", - [string]$parameters -) -# Main -$errorActionPreference = 'Stop' - -# Step-1: Download buildcore script to local -echo "download build core script to local with source url: $buildCorePowershellUrl" -$repositoryRoot = Split-Path -Parent $MyInvocation.MyCommand.Definition -$buildCorePowershellDestination = "$repositoryRoot\.openpublishing.buildcore.ps1" -Invoke-WebRequest $buildCorePowershellUrl -OutFile "$buildCorePowershellDestination" - -# Step-2: Run build core -echo "run build core script with parameters: $parameters" -& "$buildCorePowershellDestination" "$parameters" -exit $LASTEXITCODE diff --git a/iis/TOC.yml b/iis/TOC.yml index 6aca2baec..4a82b1a6c 100644 --- a/iis/TOC.yml +++ b/iis/TOC.yml @@ -282,10 +282,6 @@ href: manage/configuring-security/analyzing-client-usage-data-with-iis-user-access-logging.md - name: Configure Request Filtering in IIS href: manage/configuring-security/configure-request-filtering-in-iis.md - - name: IIS 8 - Certificate Management and Deployment - href: manage/configuring-security/iis-8-certificate-management-and-deployment.md - - name: IIS 8 - Sandboxing and Security - href: manage/configuring-security/iis-8-sandboxing-and-security.md - name: Managing Performance Settings items: - name: Improving Performance with Native Output Caching @@ -296,8 +292,6 @@ href: manage/managing-performance-settings/walkthrough-iis-output-caching.md - name: Configure IIS 7 Output Caching href: manage/managing-performance-settings/configure-iis-7-output-caching.md - - name: Use Bit Rate Throttling - href: manage/managing-performance-settings/use-bit-rate-throttling.md - name: Managing your Configuration Settings items: - name: Delegating Configuration to web.config Files @@ -602,8 +596,6 @@ href: troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis.md - name: Using Failed Request Tracing Rules to Troubleshoot Application Request Routing href: troubleshoot/using-failed-request-tracing/using-failed-request-tracing-rules-to-troubleshoot-application-request-routing-arr.md - - name: Troubleshoot with Failed Request Tracing - href: troubleshoot/using-failed-request-tracing/troubleshoot-with-failed-request-tracing.md - name: Troubleshooting Failed Requests Using Tracing in IIS 8.5 href: troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis-85.md - name: Performance Issues @@ -707,8 +699,6 @@ href: extensions/troubleshooting-application-request-routing/troubleshooting-502-errors-in-arr.md - name: URL Rewrite Module items: - - name: URL Rewrite Module - Video Walkthrough - href: extensions/url-rewrite-module/url-rewrite-module-video-walkthrough.md - name: Using the URL Rewrite Module href: extensions/url-rewrite-module/using-the-url-rewrite-module.md - name: Creating Rewrite Rules for the URL Rewrite Module @@ -773,8 +763,6 @@ href: extensions/introduction-to-iis-express/iis-75-express-readme.md - name: IIS 8.0 Express Readme href: extensions/introduction-to-iis-express/iis-80-express-readme.md - - name: IIS 8 - IIS Express for Developers - href: extensions/introduction-to-iis-express/iis-8-iis-express-for-developers.md - name: Using IIS Express items: - name: Using the Windows System Tray to Manage Websites and Applications @@ -972,8 +960,6 @@ href: web-hosting/getting-started/deploying-a-static-content-server.md - name: Using Windows SharePoint Services 3.0 on IIS 7.0 href: web-hosting/getting-started/using-windows-sharepoint-services-30-on-iis.md - - name: Microsoft Web Platform Privacy Statements - href: web-hosting/getting-started/microsoft-web-platform-privacy-statements.md - name: Frequently Asked Questions (FAQ) items: - name: Tools and Utilities Questions @@ -998,12 +984,8 @@ href: web-hosting/migrate-to-the-microsoft-web-platform/breaking-changes-for-aspnet-4-apps-running-on-iis-7-integrated-mode.md - name: IIS 7 for Apache Administrators href: web-hosting/migrate-to-the-microsoft-web-platform/iis-for-apache-administrators.md - - name: Migrate to a Windows-Based Platform - href: web-hosting/migrate-to-the-microsoft-web-platform/migrate-to-a-windows-based-platform.md - name: Migrate from MySQL to SQL Server 2008 href: web-hosting/migrate-to-the-microsoft-web-platform/migrate-from-mysql-to-sql-server-2008.md - - name: How to Migrate to the Microsoft Web Platform - href: web-hosting/migrate-to-the-microsoft-web-platform/how-to-migrate-to-the-microsoft-web-platform.md - name: Configuring Components items: - name: Enabling LINQ with ASP.NET @@ -1054,8 +1036,6 @@ href: web-hosting/configuring-servers-in-the-windows-web-platform/sql-server-2005.md - name: SQL 2008 for Hosters href: web-hosting/configuring-servers-in-the-windows-web-platform/sql-2008-for-hosters.md - - name: Configure your Servers for the Windows Web Hosting Platform - href: web-hosting/configuring-servers-in-the-windows-web-platform/configure-your-servers-for-the-windows-web-hosting-platform.md - name: Installing Infrastructure Components items: - name: Planning the Deployment diff --git a/iis/configuration/system.applicationHost/sites/site/bindings/binding.md b/iis/configuration/system.applicationHost/sites/site/bindings/binding.md index c07086b2e..06882ccc9 100644 --- a/iis/configuration/system.applicationHost/sites/site/bindings/binding.md +++ b/iis/configuration/system.applicationHost/sites/site/bindings/binding.md @@ -101,7 +101,7 @@ You can add `` elements within the `` element for each site i | --- | --- | | `bindingInformation` | Required string attribute.

Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site. | | `protocol` | Required string attribute.

Specifies the protocol for communicating with a site. | -| `sslFlags` | Optional uint attribute.

Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.
Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address. For more information, see [IIS 8.0 Server Name Indication (SNI): SSL Scalability](/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability).

The sslFlags attribute is only set when the protocol is **https**. The default value is `0`. | +| `sslFlags` | Optional `uint` attribute that works like flags type, with the following possible flags:
Value Description
0 The secure connection made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.
1 The secure connection made using the port number and the host name obtained by using Server Name Indication (SNI).
2 The secure connection be made using the centralized SSL certificate store.
4 Disable HTTP/2.
8 Disable OCSP Stapling.
16 Disable QUIC.
32 Disable TLS 1.3 over TCP.
64 Disable Legacy TLS.
Centralized SSL certificate support enables creating a centralized certificate store that can contain multiple certificate files. The certificate files can be named to correspond to the host names that they contain. This enables creating a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the **Add Site Binding** dialog box when adding a binding with a type of HTTPS. This is useful for SSL connections that host multiple servers on a single network address.

Values greater than 4 are only supported in IIS 10 version 1809 and higher. The default value is `0`. | ### Child Elements diff --git a/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md b/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md index df818112d..255958333 100644 --- a/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md +++ b/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md @@ -76,7 +76,7 @@ You can add default `` elements within the `` element in the | --- | --- | | `bindingInformation` | Required string attribute.

Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site. | | `protocol` | Required string attribute.

Specifies the protocol for communicating with a site. | -| `sslFlags` | Optional uint attribute.

Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.
  • A value of "0" specifies that the secure connection be made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.
  • A value of "1" specifies that the secure connection be made using the port number and the host name obtained by using Server Name Indication (SNI).
  • A value of "2" specifies that the secure connection be made using the centralized SSL certificate store without requiring Server Name Indicator (SNI)
  • A value of "3" specifies that the secure connection be made using the centralized SSL certificate store while requiring Server Name Indicator (SNI)
Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address.

The default value is `0`. | +| `sslFlags` | Optional `uint` attribute that works like flags type, with the following possible flags:
Value Description
0 The secure connection made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.
1 The secure connection made using the port number and the host name obtained by using Server Name Indication (SNI).
2 The secure connection be made using the centralized SSL certificate store.
4 Disable HTTP/2.
8 Disable OCSP Stapling.
16 Disable QUIC.
32 Disable TLS 1.3 over TCP.
64 Disable Legacy TLS.
Centralized SSL certificate support enables creating a centralized certificate store that can contain multiple certificate files. The certificate files can be named to correspond to the host names that they contain. This enables creating a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the **Add Site Binding** dialog box when adding a binding with a type of HTTPS. This is useful for SSL connections that host multiple servers on a single network address.

Values greater than 4 are only supported in IIS 10 version 1809 and higher. The default value is `0`. | ### Child Elements diff --git a/iis/extensions/introduction-to-iis-express/iis-8-iis-express-for-developers.md b/iis/extensions/introduction-to-iis-express/iis-8-iis-express-for-developers.md deleted file mode 100644 index f9f268c06..000000000 --- a/iis/extensions/introduction-to-iis-express/iis-8-iis-express-for-developers.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: "IIS 8 - IIS Express for Developers" -author: rmcmurray -description: "Robert McMurray gives an overview of IIS Express." -ms.date: 09/19/2013 -ms.assetid: 7f3b4fab-8149-4217-ac70-7a1e05a17226 -msc.legacyurl: /learn/extensions/introduction-to-iis-express/iis-8-iis-express-for-developers -msc.type: video ---- -# IIS 8 - IIS Express for Developers - -by [Robert McMurray](https://github.com/rmcmurray) - -Robert McMurray gives an overview of IIS Express. \ No newline at end of file diff --git a/iis/extensions/url-rewrite-module/url-rewrite-module-video-walkthrough.md b/iis/extensions/url-rewrite-module/url-rewrite-module-video-walkthrough.md deleted file mode 100644 index a2f7809fe..000000000 --- a/iis/extensions/url-rewrite-module/url-rewrite-module-video-walkthrough.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: "URL Rewrite Module - Video Walkthrough" -author: ruslany -description: "This video demonstrates how Microsoft URL Rewrite Module for IIS 7.0 and above can be used to accomplish common URL manipulation tasks: Enabling user friendl..." -ms.date: 09/19/2008 -ms.assetid: 3c5fdd57-4b7a-4070-b58f-c775876815b4 -msc.legacyurl: /learn/extensions/url-rewrite-module/url-rewrite-module-video-walkthrough -msc.type: video ---- -# URL Rewrite Module - Video Walkthrough - -by [Ruslan Yakushev](https://github.com/ruslany) - -This video demonstrates how Microsoft URL Rewrite Module for IIS 7.0 and above can be used to accomplish common URL manipulation tasks: Enabling user friendly and search engine friendly URLs for dynamic web pages Enforcing canonical host names for web sites Using rewrite maps Blocking unwanted requests diff --git a/iis/extensions/url-rewrite-module/using-custom-rewrite-providers-with-url-rewrite-module.md b/iis/extensions/url-rewrite-module/using-custom-rewrite-providers-with-url-rewrite-module.md index 5e5623ec2..388a895e0 100644 --- a/iis/extensions/url-rewrite-module/using-custom-rewrite-providers-with-url-rewrite-module.md +++ b/iis/extensions/url-rewrite-module/using-custom-rewrite-providers-with-url-rewrite-module.md @@ -15,7 +15,7 @@ This walkthrough will guide you through how to use custom rewrite providers with ## Install URL Rewrite Extensibility Samples -In order to complete this walkthrough, download and install URL Rewrite Extensibility Samples (`https://www.microsoft.com/download/details.aspx?id=43353`). The Extensibility Samples installation package includes .NET assemblies and the source code with full implementation of rewrite providers for the three most common use cases: +In order to complete this walkthrough, download and install [IIS URL Rewrite 2.1](https://iis-umbraco.azurewebsites.net/downloads/microsoft/url-rewrite). The URL Rewrite Extensibility Samples for 2.0 are no longer available. - Storing of the rewrite or redirect mappings in a SQL database; - Storing of the rewrite or redirect mappings in a text file; diff --git a/iis/extensions/url-rewrite-module/using-the-url-rewrite-module.md b/iis/extensions/url-rewrite-module/using-the-url-rewrite-module.md index f435b3d97..357962353 100644 --- a/iis/extensions/url-rewrite-module/using-the-url-rewrite-module.md +++ b/iis/extensions/url-rewrite-module/using-the-url-rewrite-module.md @@ -87,10 +87,6 @@ These articles cover the functionality of the URL Rewrite Module and explain how - [URL Rewrite for ASP.NET Web Forms](url-rewriting-for-aspnet-web-forms.md) - [Developing rule templates for the URL Rewrite module](developing-rule-template-for-url-rewrite-module.md) -### Video walkthrough - -- [Using the URL rewrite module - video walkthrough](url-rewrite-module-video-walkthrough.md) - ## Changes since Go Live release The following additions, changes, and important bug fixes have been made to URL rewrite module since the Go Live release: diff --git a/iis/get-started/whats-new-in-iis-10/new-features-introduced-in-iis-10.md b/iis/get-started/whats-new-in-iis-10/new-features-introduced-in-iis-10.md index 177c9e71c..db5a84398 100644 --- a/iis/get-started/whats-new-in-iis-10/new-features-introduced-in-iis-10.md +++ b/iis/get-started/whats-new-in-iis-10/new-features-introduced-in-iis-10.md @@ -28,7 +28,7 @@ Learn more: [Introducing IIS on Nano Server](introducing-iis-on-nano-server.md) Windows Server 2016 and Windows 10 with the Anniversary Update add support for containers which are isolated, resource controlled, and portable operating environments. Windows Server 2016 and Windows 10 support two different container runtimes with a different degree of isolation: Windows containers achieve isolation through process and namespace isolation, while Hyper-V containers achieve isolation through lightweight virtual machines. IIS 10.0 runs in both container runtimes as well as on both base OS images, Server Core and Nano Server, allowing you to choose the best Windows container environment for your web workloads. -Get started with [IIS base images available on Docker Hub](https://hub.docker.com/r/microsoft/iis/) or follow this tutorial to [deploy an ASP.NET MVC application to IIS running inside a container](/aspnet/mvc/overview/deployment/docker-aspnetmvc). +Get started with [IIS base images available on Docker Hub](https://hub.docker.com/r/microsoft/windows-servercore-iis/) or follow this tutorial to [deploy an ASP.NET MVC application to IIS running inside a container](/aspnet/mvc/overview/deployment/docker-aspnetmvc). ## Managing IIS diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image10.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image10.png index 3dd2e33b0..659f44bfd 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image10.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image10.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image11.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image11.png index 3dd2e33b0..77a2cdde9 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image11.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image11.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image12.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image12.png index 3dd2e33b0..2c9383efe 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image12.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image12.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image13.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image13.png index 62debdc5a..27702329b 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image13.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image13.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image14.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image14.png index 62debdc5a..2851a7f00 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image14.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image14.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image25.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image25.png index 81574bc05..94c8c9fce 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image25.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image25.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image26.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image26.png index 81574bc05..bb304ff58 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image26.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image26.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image9.png b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image9.png index 3dd2e33b0..8823803c9 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image9.png and b/iis/get-started/whats-new-in-iis-8/iis-80-centralized-ssl-certificate-support-ssl-scalability-and-manageability/_static/image9.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image27.png b/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image27.png index e9274aa3a..f416ed898 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image27.png and b/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image27.png differ diff --git a/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image28.png b/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image28.png index e9274aa3a..b6223c9b1 100644 Binary files a/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image28.png and b/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability/_static/image28.png differ diff --git a/iis/install/installing-publishing-technologies/installing-and-configuring-web-deploy/_static/image9.png b/iis/install/installing-publishing-technologies/installing-and-configuring-web-deploy/_static/image9.png index a5dc6d09e..082640303 100644 Binary files a/iis/install/installing-publishing-technologies/installing-and-configuring-web-deploy/_static/image9.png and b/iis/install/installing-publishing-technologies/installing-and-configuring-web-deploy/_static/image9.png differ diff --git a/iis/manage/configuring-security/application-pool-identities.md b/iis/manage/configuring-security/application-pool-identities.md index 3d65994b6..94370edf7 100644 --- a/iis/manage/configuring-security/application-pool-identities.md +++ b/iis/manage/configuring-security/application-pool-identities.md @@ -54,11 +54,11 @@ You can try this by selecting a file in Windows Explorer and adding the "Default 4. Select the **Security** tab 5. Click the **Edit** button and then **Add** button 6. Click the **Locations** button and make sure that you select your computer. - - ![Screenshot of the Select Users or Groups dialog.](application-pool-identities/_static/image9.jpg) 7. Enter **IIS AppPool\DefaultAppPool** in the **Enter the object names to select:** text box. 8. Click the **Check Names** button and click **OK**. + ![Screenshot of the Select Users or Groups dialog.](application-pool-identities/_static/image9.jpg) + By doing this, the file or directory you selected will now also allow the **DefaultAppPool** identity access. You can do this via the command-line by using the ICACLS tool. The following example gives full access to the DefaultAppPool identity. diff --git a/iis/manage/configuring-security/iis-8-certificate-management-and-deployment.md b/iis/manage/configuring-security/iis-8-certificate-management-and-deployment.md deleted file mode 100644 index bbdee18dc..000000000 --- a/iis/manage/configuring-security/iis-8-certificate-management-and-deployment.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: "IIS 8 - Certificate Management and Deployment" -author: shauneagan -description: "Shaun Eagan describes the performance and management improvement for certificates in IIS 8." -ms.date: 09/19/2013 -ms.assetid: 07353f2d-9a24-4069-9e93-5696727ad89c -msc.legacyurl: /learn/manage/configuring-security/iis-8-certificate-management-and-deployment -msc.type: video ---- -# IIS 8 - Certificate Management and Deployment - -by [Shaun Eagan](https://github.com/shauneagan) - -Shaun Eagan describes the performance and management improvement for certificates in IIS 8. diff --git a/iis/manage/configuring-security/iis-8-sandboxing-and-security.md b/iis/manage/configuring-security/iis-8-sandboxing-and-security.md deleted file mode 100644 index c27faa285..000000000 --- a/iis/manage/configuring-security/iis-8-sandboxing-and-security.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: "IIS 8 - Sandboxing and Security" -author: rmcmurray -description: "Robert McMurray covers the sandboxing and security features in IIS 8." -ms.date: 09/19/2013 -ms.assetid: 03067dff-c8e2-4be3-913b-627e391615ec -msc.legacyurl: /learn/manage/configuring-security/iis-8-sandboxing-and-security -msc.type: video ---- -# IIS 8 - Sandboxing and Security - -by [Robert McMurray](https://github.com/rmcmurray) - -Robert McMurray covers the sandboxing and security features in IIS 8. diff --git a/iis/manage/configuring-security/image-1.png b/iis/manage/configuring-security/image-1.png new file mode 100644 index 000000000..8913be3f0 Binary files /dev/null and b/iis/manage/configuring-security/image-1.png differ diff --git a/iis/manage/configuring-security/image-10.png b/iis/manage/configuring-security/image-10.png new file mode 100644 index 000000000..731a34c24 Binary files /dev/null and b/iis/manage/configuring-security/image-10.png differ diff --git a/iis/manage/configuring-security/image-11.png b/iis/manage/configuring-security/image-11.png new file mode 100644 index 000000000..e411af886 Binary files /dev/null and b/iis/manage/configuring-security/image-11.png differ diff --git a/iis/manage/configuring-security/image-12.png b/iis/manage/configuring-security/image-12.png new file mode 100644 index 000000000..b675383a2 Binary files /dev/null and b/iis/manage/configuring-security/image-12.png differ diff --git a/iis/manage/configuring-security/image-2.png b/iis/manage/configuring-security/image-2.png new file mode 100644 index 000000000..5041f4776 Binary files /dev/null and b/iis/manage/configuring-security/image-2.png differ diff --git a/iis/manage/configuring-security/image-3.png b/iis/manage/configuring-security/image-3.png new file mode 100644 index 000000000..6c841da01 Binary files /dev/null and b/iis/manage/configuring-security/image-3.png differ diff --git a/iis/manage/configuring-security/image-4.png b/iis/manage/configuring-security/image-4.png new file mode 100644 index 000000000..5ba492f8f Binary files /dev/null and b/iis/manage/configuring-security/image-4.png differ diff --git a/iis/manage/configuring-security/image-5.png b/iis/manage/configuring-security/image-5.png new file mode 100644 index 000000000..6698da202 Binary files /dev/null and b/iis/manage/configuring-security/image-5.png differ diff --git a/iis/manage/configuring-security/image-6.png b/iis/manage/configuring-security/image-6.png new file mode 100644 index 000000000..a99b1b2f8 Binary files /dev/null and b/iis/manage/configuring-security/image-6.png differ diff --git a/iis/manage/configuring-security/image-7.png b/iis/manage/configuring-security/image-7.png new file mode 100644 index 000000000..943ff694e Binary files /dev/null and b/iis/manage/configuring-security/image-7.png differ diff --git a/iis/manage/configuring-security/image-8.png b/iis/manage/configuring-security/image-8.png new file mode 100644 index 000000000..2c2c02a19 Binary files /dev/null and b/iis/manage/configuring-security/image-8.png differ diff --git a/iis/manage/configuring-security/image-9.png b/iis/manage/configuring-security/image-9.png new file mode 100644 index 000000000..894314fdd Binary files /dev/null and b/iis/manage/configuring-security/image-9.png differ diff --git a/iis/manage/configuring-security/image.png b/iis/manage/configuring-security/image.png new file mode 100644 index 000000000..66634b13f Binary files /dev/null and b/iis/manage/configuring-security/image.png differ diff --git a/iis/manage/configuring-security/using-dynamic-ip-restrictions.md b/iis/manage/configuring-security/using-dynamic-ip-restrictions.md index 8115736a9..db56995a6 100644 --- a/iis/manage/configuring-security/using-dynamic-ip-restrictions.md +++ b/iis/manage/configuring-security/using-dynamic-ip-restrictions.md @@ -1,6 +1,6 @@ --- title: "Using Dynamic IP Restrictions" -author: naziml +author: naziml,esshrouf description: "The Dynamic IP Restrictions (DIPR) module for IIS 7.0 and above provides protection against denial of service and brute force attacks on web servers and web..." ms.date: 02/16/2009 ms.assetid: a6881b7d-4080-440c-ab71-cb274ac6f128 @@ -15,6 +15,10 @@ by [Nazim Lala](https://github.com/naziml) The Dynamic IP Restrictions (DIPR) module for IIS 7.0 and above provides protection against denial of service and brute force attacks on web servers and web sites. To provide this protection, the module temporarily blocks IP addresses of HTTP clients that make an unusually high number of concurrent requests or that make a large number of requests over small period of time. +## When to use Dynamic IP Restrictions? + +When you need to allow/deny access to a website (or allow all but log conditions met) based on the number of concurrent requests originating from an IP address or based on the number of requests from the IP over a period of time. + ## Features The Dynamic IP Restrictions module includes these key features: @@ -47,7 +51,9 @@ If you are using the **first** **Beta** release of the DIPR module, you must uni If you are using the **Beta 2** release of the DIPR module you can upgrade directly to the final release. Your configuration settings will be preserved. -## Configuring Dynamic IP Restrictions +## Accessing and Configuring Dynamic IP Restrictions + +Note: When configuring IP Restrictions, you need to consider both IIS level as well as site level configuration, as site level will override IIS level (this is a common IIS behavior and not specific to IP Restrictions feature). The Dynamic IP Restrictions can be configured by using either IIS Manager, IIS configuration APIs or by using command line tool **appcmd**. @@ -57,54 +63,145 @@ To access Dynamic IP Restriction settings in IIS Manager follow these steps: 2. In the left-hand side tree view select server node if you want to configure server-wide settings, or select a site node to configure site-specific settings. 3. In the Features View click "Dynamic IP Restrictions" ![Screenshot of I I S Manager showing the features list in the main pane, Dynamic IP Restrictions is selected.](using-dynamic-ip-restrictions/_static/image1.jpg) -4. In the "Dynamic IP Restrictions" main page you can enable and specify the configuration for any of the features. To add an IP address to the Allow list you can click on the "Show Allowed Addresses" link on the right: - ![Screenshot of I I S Manager showing Dynamic I P Restrictions in the main pane. Show Allowed Addresses is selected in the Actions pane.](using-dynamic-ip-restrictions/_static/image3.jpg) -5. Selecting the "Show Allowed Addresses" link above will bring up a window as shown below where you can see all the IP addresses that are allowed to bypass Dynamic IP Restriction validation. You can add more IP addresses to the list by selecting the "Add Allow Entry" link on the right. - ![Screenshot of I I S Manager showing the Add Allow Restriction Rule dialog. Add Allow Entry is highlighted in the Actions pane behind the dialog.](using-dynamic-ip-restrictions/_static/image5.jpg) -### Blocking of IP address based on number of concurrent requests +### Example 1: Blocking of IP address based on number of concurrent requests using appcmd When using this option, the server will allow any client's IP address to make only a configurable number of concurrent requests. Any additional requests that exceed the specified limit will be denied. -A simple way to test this feature is to set the maximum number of concurrent requests to 2 by either using UI or by executing appcmd command: +A simple way to test this feature is to set the maximum number of concurrent requests to 2 by executing appcmd command: [!code-console[Main](using-dynamic-ip-restrictions/samples/sample1.cmd)] -In the root folder of your web site create a file test.aspx and paste the following content into it: - -[!code-aspx[Main](using-dynamic-ip-restrictions/samples/sample2.aspx)] - -This ASP.NET page for 3 seconds before returning any response. Save the file and then open web browser, request `http://localhost/test.aspx` and then continuously hit F5 to refresh the browser. This will result in browser making more than 2 concurrent requests so as a result you will see the 403 - Forbidden error from server: - -![Screenshot of a server error page. The Error Summary shows H T T P Error 403.7 Forbidden.](using-dynamic-ip-restrictions/_static/image7.png) - > [!IMPORTANT] > When configuring number of concurrent requests for a real web application, thoroughly test the limit that you pick to ensure that valid HTTP clients do not get blocked. This is especially important for Rich Internet Applications that have AJAX enabled web pages and serve media content. -### Blocking of IP addresses based on number of requests over time +### Example 2: Blocking of IP addresses based on number of requests over time using appcmd When using this option the server will deny requests from any HTTP client's IP address that makes more than configurable number of requests over a period of time. The IP address will remain blocked until the number of requests within a time period drops below the configured limit. -To test this feature set the "Maximum number of requests" to 5 and "Time period" to 5000 by using either IIS Manager or by executing appcmd command: +To test this feature set the "Maximum number of requests" to 5 and "Time period" to 5000 by executing appcmd command: [!code-console[Main](using-dynamic-ip-restrictions/samples/sample3.cmd)] -Open web browser, request `http://localhost/welcome.png` and then hit F5 to continuously refresh the page. This will generate more than 5 requests over 5 seconds so as a result you will see server responding with 403 - Forbidden status code: - -![Screenshot of a server error page. The Error Summary shows H T T P Error 403.8 Forbidden.](using-dynamic-ip-restrictions/_static/image11.png) +Open web browser, request http://localhost/welcome.png and then hit F5 to continuously refresh the page. This will generate more than 5 requests over 5 seconds so as a result you will see server responding with 403 - Forbidden status code. If you wait for another 5 seconds when all the previous requests have executed and then make a request, the request will succeed. > [!IMPORTANT] > When configuring number of allowed requests over time for a real web application, thoroughly test the limits that you pick to ensure that valid HTTP clients do not get blocked. This is especially important for Rich Internet Applications that have AJAX enabled web pages and serve media content. +### Example 3: Blocking of IP address based on number of concurrent requests using UI + +On my IIS level, I have below configuration: + +From “Edit Feature Settings”: + +![alt text](image.png) + +![alt text](image-1.png) + +From “Edit Dynamic Restriction Settings…”: + +![alt text](image-2.png) + +![alt text](image-3.png) + +On my site level I have below configuration: + +![alt text](image-4.png) + +![alt text](image-5.png) + +This means that up to 2 simultaneous requests will be allowed to the site (due to number 2 set above), and a status code of 403 will be received for any other concurrent request (due to “Forbidden” action configured above) as can be seen in browser developer tools (I clicked “disable cache” to make it clear and avoid browser side caching): + +![alt text](image-6.png) + +Note: You might be wondering why do you see 3 allowed requests and not just two; that's because the first two requests were concurrently opened and once finished it happened that the third request reached the application, meaning the third request was the only one (hence only 1 concurrent requests) when it happened. + +The “Allow” action configured above means that any IP address is okay to send requests and that the rules configured specify on which conditions these allowed IPs will be denied access. + +As you noticed, site level config of “Allow” overridden IIS’s level “Deny”, and site's level config of “Forbidden” overridden IIS's level config of “Not Found”, and hence 403 status code was sent instead of 404. + +If I however change site's level “Allow” to “Deny” then all IPs will be denied access regardless of whether they made 2 concurrent requests or otherwise: + +![alt text](image-7.png) + +### Example 4: Blocking of IP address based on number of concurrent requests & number of requests over time, using UI + +Now let's change the configuration from Example 3 a bit on site level. IIS level is same as before in Example 3: + +![alt text](image-8.png) + +While site level configuration is now: + +![alt text](image-9.png) + +Now when making request from browser: + +![alt text](image-10.png) + +Each colored line (example highlighted) represents the lifetime of one request. The rule specifies two conditions as you can see. This means that any condition that gets met first then the denial will be applied. The rule will allow only up to two requests within 200 msec, and any further requests within this timeframe will be denied. As can be seen, the third request was triggered almost 20 msec after the first one, meaning now we have more than two requests within the 200 msec frame and hence the third one will be denied, and so will be the 4th and 5th and 6th. + +## Logging + +You will see the below in IIS logs (for Example 2 above): + +2024-07-22 14:17:48 ::1 GET / - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 0 0 1 + +2024-07-22 14:17:48 ::1 GET /Content/css v=7n95mJcoE9tVcdjbEUwG1-urp8oL9Yf2bFpa2lb4Nq41 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 0 0 3 + +2024-07-22 14:17:48 ::1 GET /bundles/modernizr v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 5 + +2024-07-22 14:17:48 ::1 GET /bundles/jquery v=JVBM4Dk7eZ-fjWvmxvoCeVR5MAt_3YXn4K7MRdHsuR81 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 7 + +2024-07-22 14:17:48 ::1 GET /bundles/bootstrap v=X8gnNIYDSsAzCxLBuTaZy64JJqo9mzWM5GPsE4TJLNI1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 7 + +2024-07-22 14:17:48 ::1 GET /favicon.ico - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 403 502 0 0 + +2024-07-22 14:17:48 ::1 GET /Content/bootstrap.min.css.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 403 502 0 0 + +Http status code for denied requests in this example will be 403 and sub status code will be 502. This way you can tell the difference between normal Forbidden status code set by the application code and between the Forbidden set by the IIS IP Restrictions feature. +List of (status codes) set by IP Restriction feature are discussed below. + ### Deny Actions The module can be configured to perform the following actions when denying requests for IP addresses: -- Send 403 (Forbidden) response to the client; -- Send 404 (File not found) response to the client; -- Abort request by closing the HTTP connection, without sending any response to the client. +• Forbidden: 403 +• Unauthorized: 401 +• Not Found: 404 +• Abort: the TCP connection will simply be reset and http will not be established. This is also nice in case main page is denied and you don't want the end user to see the sub status code 502 (to not know this was because of IP Restriction feature). User will instead see the below: +![alt text](image-11.png) + +And here's the possible (substatus codes) by IP Restriction feature: +501, 502. +Substatus code will either be 501 or 502 depending on which one of the two conditions got met and hence client was denied access: +501 -> Dynamic IP Restriction: too many concurrent requests were made from the same client IP. +502 -> Dynamic IP Restriction: the maximum number of requests from the same client IP within a specified time limit was reached. + +Above codes are documented here: HTTP status code overview - Internet Information Services | Microsoft Learn + +## Enable Logging Only Mode: + +Now in case of “Enable Logging Only Mode” there will be no clients denied by this feature, meaning status code will be the expected result (normally 200 but it also depends on your application) and clients will receive the expected normal response, however, substatus code indicating that one of the two conditions was met will be logged in IIS logs. Below is an example: + +2024-07-28 06:57:35 ::1 GET / - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 0 0 3 +2024-07-28 06:57:35 ::1 GET /bundles/modernizr v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 501 0 3 + +2024-07-28 06:57:35 ::1 GET /bundles/bootstrap v=X8gnNIYDSsAzCxLBuTaZy64JJqo9mzWM5GPsE4TJLNI1 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 502 0 8 + +2024-07-28 06:57:35 ::1 GET /Content/css v=7n95mJcoE9tVcdjbEUwG1-urp8oL9Yf2bFpa2lb4Nq41 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 0 0 9 + +2024-07-28 06:57:35 ::1 GET /bundles/jquery v=JVBM4Dk7eZ-fjWvmxvoCeVR5MAt_3YXn4K7MRdHsuR81 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 http://localhost:8090/ 200 501 0 8 +2024-07-28 06:57:35 ::1 GET /Content/bootstrap.min.css.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 502 0 19 + +2024-07-28 06:57:35 ::1 GET /Content/bootstrap.min.css.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 200 502 0 37 + +2024-07-28 06:57:35 ::1 GET /bundles/bootstrap.min.js.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 404 502 2 0 + +And the client will get this on its side: + +![alt text](image-12.png) ### Support for web servers behind proxy diff --git a/iis/manage/provisioning-and-managing-iis/websitepanel.md b/iis/manage/provisioning-and-managing-iis/websitepanel.md index 9a4633141..14f9290af 100644 --- a/iis/manage/provisioning-and-managing-iis/websitepanel.md +++ b/iis/manage/provisioning-and-managing-iis/websitepanel.md @@ -23,9 +23,9 @@ The WebsitePanel features list includes: · Long list of [supported software and platforms](http://websitepanel.net/SupportedSoftware.aspx) -· Close integration with [Microsoft Web App Gallery](https://www.microsoft.com/web/gallery/Categories.aspx) +· Close integration with Microsoft Web App Gallery -· Microsoft Web Platform Installer ([WPI](https://www.microsoft.com/web/gallery/Categories.aspx)) integration +· Microsoft Web Platform Installer (WPI) integration · Strong community support diff --git a/iis/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7/_static/image25.png b/iis/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7/_static/image25.png index fe73df5c6..9078d0c7d 100644 Binary files a/iis/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7/_static/image25.png and b/iis/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7/_static/image25.png differ diff --git a/iis/publish/using-web-deploy/web-deploy-powershell-cmdlets.md b/iis/publish/using-web-deploy/web-deploy-powershell-cmdlets.md index 4c8764dc0..a23dddf94 100644 --- a/iis/publish/using-web-deploy/web-deploy-powershell-cmdlets.md +++ b/iis/publish/using-web-deploy/web-deploy-powershell-cmdlets.md @@ -246,7 +246,7 @@ Examples: [!code-console[Main](web-deploy-powershell-cmdlets/samples/sample31.cmd)] -Description: This cmdlet can be used to apply any Web Deploy package. There are several ways to create or obtain a Web Deploy package, such as by downloading an open source Application Gallery package, creating a package in Visual Studio, using the msdeploy.exe command-line tool ([more info](https://technet.microsoft.com/library/dd568996(WS.10).aspx)), or using the Backup-WD\* cmdlets noted earlier in the document. For e.g. for installing wordpress on an IIS Server Default web site as an app named wordpress download the wordpress package from [the app gallery](https://www.microsoft.com/web/gallery/wordpress.aspx) into a folder called packages. All the default values for the wordpress package parameters will work as is but just need to specify the values for two required parameters: admin and non admin mysql password. +Description: This cmdlet can be used to apply any Web Deploy package. There are several ways to create or obtain a Web Deploy package, such as by downloading an open source Application Gallery package, creating a package in Visual Studio, using the msdeploy.exe command-line tool ([more info](https://technet.microsoft.com/library/dd568996(WS.10).aspx)), or using the Backup-WD\* cmdlets noted earlier in the document. For e.g. for installing wordpress on an IIS Server Default web site as an app named wordpress download the wordpress package from the app gallery into a folder called packages. All the default values for the wordpress package parameters will work as is but just need to specify the values for two required parameters: admin and non admin mysql password. Parameters: diff --git a/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image7.png b/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image7.png index a6e7526ac..46321f418 100644 Binary files a/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image7.png and b/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image7.png differ diff --git a/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image8.png b/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image8.png index a6e7526ac..a4e889374 100644 Binary files a/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image8.png and b/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate/_static/image8.png differ diff --git a/iis/web-development-reference/native-code-api-reference/ihttprequest-getclientcertificate-method.md b/iis/web-development-reference/native-code-api-reference/ihttprequest-getclientcertificate-method.md index 5b7d5406b..6e0edb4d0 100644 --- a/iis/web-development-reference/native-code-api-reference/ihttprequest-getclientcertificate-method.md +++ b/iis/web-development-reference/native-code-api-reference/ihttprequest-getclientcertificate-method.md @@ -18,7 +18,7 @@ HRESULT GetClientCertificate( ### Parameters `ppClientCertInfo` - [OUT] A pointer to an [HTTP_SSL_CLIENT_CERT_INFO](https://go.microsoft.com/fwlink/?LinkId=63150) structure. + [OUT] A pointer to an [HTTP_SSL_CLIENT_CERT_INFO](https://learn.microsoft.com/windows/win32/api/http/ns-http-http_ssl_client_cert_info) structure. `pfClientCertNegotiated` [OUT] `true` if the client certificate has been negotiated already; otherwise, `false`. For more information, see the Remarks section. @@ -42,7 +42,7 @@ HRESULT GetClientCertificate( For URLs that do not require a client certificate, you can call the [NegotiateClientCertificate](../../web-development-reference/native-code-api-reference/ihttprequest-negotiateclientcertificate-method.md) method before you call `GetClientCertificate` to attempt a manual loading of the client certificate. ## Example - The following example demonstrates how to get a pointer to the [HTTP_SSL_CLIENT_CERT_INFO](https://go.microsoft.com/fwlink/?LinkId=63150) structure by implementing the [CHttpModule::OnBeginRequest](../../web-development-reference/native-code-api-reference/chttpmodule-onbeginrequest-method.md) method. + The following example demonstrates how to get a pointer to the [HTTP_SSL_CLIENT_CERT_INFO](https://learn.microsoft.com/windows/win32/api/http/ns-http-http_ssl_client_cert_info) structure by implementing the [CHttpModule::OnBeginRequest](../../web-development-reference/native-code-api-reference/chttpmodule-onbeginrequest-method.md) method. [!code-cpp[IHttpRequestGetClientCertificate#2](../../../samples/snippets/cpp/VS_Snippets_IIS/IIS7/IHttpRequestGetClientCertificate/cpp/mymodule.cpp#2)] diff --git a/iis/web-hosting/configuring-components/powershell-scripts.md b/iis/web-hosting/configuring-components/powershell-scripts.md index 3a1577f74..b1b3037cb 100644 --- a/iis/web-hosting/configuring-components/powershell-scripts.md +++ b/iis/web-hosting/configuring-components/powershell-scripts.md @@ -53,7 +53,7 @@ by [Walter Oliver](https://github.com/walterov) 1. [Provisioning Sample in C#](powershell-scripts/_static/powershell-scripts-327-iis7provisioningsample1.zip) is a set of C# samples to perform several common provisioning tasks, See details in the [Provisioning Sample in C#](../../manage/provisioning-and-managing-iis/provisioning-sample-in-c.md) article. 2. [Hosting Services Sample](powershell-scripts/_static/hssample_4-11.zip) is an extensive C# code sample for provisioning Sites, User accounts, SQL db, and others. See details in the [Hosting Services Code Sample](../../manage/provisioning-and-managing-iis/index.md) article. 3. [Code Samples and Scripts](../../manage/provisioning-and-managing-iis/index.md) provides sample code snippets for creating IIS 7.0 Sites and Configuration tasks. -4. [IIS Sites Provisioning PowerShell Scripts](https://www.iis.net/community/files/hosting/ProvisioningScripts 4-7-2008.zip "IIS Sites PowerShell Scripts"). These are 6 PowerShell Scripts to help you automate the provisioning of AppPools, Sites, Applications, Virtual Directories, and Bindings. They use the Microsoft.Web.Administration managed code namespace interfaces to provision these objects. Here is an example for each of them: +4. [IIS Sites Provisioning PowerShell Scripts](https://www.iis.net/community/files/hosting/ProvisioningScripts%204-7-2008.zip "IIS Sites PowerShell Scripts"). These are 6 PowerShell Scripts to help you automate the provisioning of AppPools, Sites, Applications, Virtual Directories, and Bindings. They use the Microsoft.Web.Administration managed code namespace interfaces to provision these objects. Here is an example for each of them: 4.1. **To create any number of AppPools, Sites, Applications, Virtual Directories, and Bindings arranged in accordance to a configuration data file** use Sample\_AppPool\_Site\_AppCreation. This script calls all the others to create each object in accordance to the configuration data found in the ProvisioningConfig.xml XML file. diff --git a/iis/web-hosting/getting-started/microsoft-web-platform-privacy-statements.md b/iis/web-hosting/getting-started/microsoft-web-platform-privacy-statements.md deleted file mode 100644 index e020fe33d..000000000 --- a/iis/web-hosting/getting-started/microsoft-web-platform-privacy-statements.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: "Microsoft Web Platform Privacy Statements" -author: bilalaslam -description: "Below are the privacy statements for the various Microsoft products that are offered through the Web App Gallery, through the Web Platform Installer, and thr..." -ms.date: 04/08/2011 -ms.assetid: fd92cc09-a9a7-408e-8a94-13204c157b96 -msc.legacyurl: /learn/web-hosting/getting-started/microsoft-web-platform-privacy-statements -msc.type: authoredcontent ---- -# Microsoft Web Platform Privacy Statements - -by [Bilal Aslam](https://github.com/bilalaslam) - -Below are the privacy statements for the various Microsoft products that are offered through the Web App Gallery, through the Web Platform Installer, and through similar Web Platform Installer-like functionality in such other Microsoft software as the Web Farm Framework and WebMatrix - -Microsoft WebMatrix: [Privacy Statement](/iis/develop/using-webmatrix/webmatrix-privacy-statement)